VARIoT IoT vulnerabilities database

VAR-200807-0286 | CVE-2008-2309 | Apple Mac OS X of CoreTypes Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. This update adds .xht and .xhtm files to the system's list of content types that are marked as unsafe under certain circumstances, such as when downloaded from a web page. Although these content types are not automatically loaded, manually opening them can lead to malicious payloads being executed. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30802
VERIFY ADVISORY:
http://secunia.com/advisories/30802/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and a weakness.
1) An unspecified error in the Alias Manager when handling AFP volume
mount information in an alias data structure can be exploited to cause
a memory corruption and potentially execute arbitrary code.
2) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types, e.g. .xht and .xhtm files.
3) A format string error in c++filt can be exploited to exploited to
execute arbitrary code when a specially crafted string is passed to
the application.
4) An vulnerability in Dock can be exploited by malicious people with
physical access to a system to bypass the screen lock when Expos\xe9 hot
corners are set.
5) A race condition error exists in Launch Services in the download
validation of symbolic links. This can be exploited to execute
arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option
is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people
to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people
to disclose sensitive information, cause a DoS (Denial of Service),
or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac
OS X.
8) A vulnerability in SMB File Server can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template
directory. This can be exploited to execute arbitrary code with
permissions of a new user when his home directory is created using
the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious
users to disclose sensitive information and by malicious people to
disclose sensitive information or to conduct cross-site scripting
attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to
compromise a user's system. or apply Security Update 2008-004.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200807-0285 | CVE-2008-2308 | Apple Mac OS X of Alias Manager Elevation of privilege vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30802
VERIFY ADVISORY:
http://secunia.com/advisories/30802/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and a weakness.
2) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types, e.g. .xht and .xhtm files.
3) A format string error in c++filt can be exploited to exploited to
execute arbitrary code when a specially crafted string is passed to
the application.
4) An vulnerability in Dock can be exploited by malicious people with
physical access to a system to bypass the screen lock when Expos\xe9 hot
corners are set.
5) A race condition error exists in Launch Services in the download
validation of symbolic links. This can be exploited to execute
arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option
is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people
to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people
to disclose sensitive information, cause a DoS (Denial of Service),
or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac
OS X.
8) A vulnerability in SMB File Server can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template
directory. This can be exploited to execute arbitrary code with
permissions of a new user when his home directory is created using
the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious
users to disclose sensitive information and by malicious people to
disclose sensitive information or to conduct cross-site scripting
attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to
compromise a user's system. or apply Security Update 2008-004.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200807-0011 | CVE-2008-2314 | Apple Mac OS X of Dock Vulnerable to unlocking sleep mode and screensaver |
CVSS V2: 4.4 CVSS V3: - Severity: MEDIUM |
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Permissions license and access control issues exist in the Dock component of Apple Mac OS X prior to 10.5.4. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30802
VERIFY ADVISORY:
http://secunia.com/advisories/30802/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and a weakness.
1) An unspecified error in the Alias Manager when handling AFP volume
mount information in an alias data structure can be exploited to cause
a memory corruption and potentially execute arbitrary code.
2) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types, e.g. .xht and .xhtm files.
3) A format string error in c++filt can be exploited to exploited to
execute arbitrary code when a specially crafted string is passed to
the application.
4) An vulnerability in Dock can be exploited by malicious people with
physical access to a system to bypass the screen lock when Expos\xe9 hot
corners are set.
5) A race condition error exists in Launch Services in the download
validation of symbolic links. This can be exploited to execute
arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option
is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people
to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people
to disclose sensitive information, cause a DoS (Denial of Service),
or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac
OS X.
8) A vulnerability in SMB File Server can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template
directory. This can be exploited to execute arbitrary code with
permissions of a new user when his home directory is created using
the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious
users to disclose sensitive information and by malicious people to
disclose sensitive information or to conduct cross-site scripting
attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to
compromise a user's system. or apply Security Update 2008-004.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200807-0010 | CVE-2008-2313 | Apple Mac OS X Elevation of privilege vulnerability in user temporary directory |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30802
VERIFY ADVISORY:
http://secunia.com/advisories/30802/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and a weakness.
1) An unspecified error in the Alias Manager when handling AFP volume
mount information in an alias data structure can be exploited to cause
a memory corruption and potentially execute arbitrary code.
2) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types, e.g. .xht and .xhtm files.
3) A format string error in c++filt can be exploited to exploited to
execute arbitrary code when a specially crafted string is passed to
the application.
4) An vulnerability in Dock can be exploited by malicious people with
physical access to a system to bypass the screen lock when Expos\xe9 hot
corners are set.
5) A race condition error exists in Launch Services in the download
validation of symbolic links. This can be exploited to execute
arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option
is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people
to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people
to disclose sensitive information, cause a DoS (Denial of Service),
or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac
OS X.
8) A vulnerability in SMB File Server can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template
directory. This can be exploited to execute arbitrary code with
permissions of a new user when his home directory is created using
the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious
users to disclose sensitive information and by malicious people to
disclose sensitive information or to conduct cross-site scripting
attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to
compromise a user's system. or apply Security Update 2008-004.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200807-0009 | CVE-2008-2311 | Apple Mac OS X of Launch Services Vulnerable to symbolic link attacks |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30802
VERIFY ADVISORY:
http://secunia.com/advisories/30802/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and a weakness.
1) An unspecified error in the Alias Manager when handling AFP volume
mount information in an alias data structure can be exploited to cause
a memory corruption and potentially execute arbitrary code.
2) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types, e.g. .xht and .xhtm files.
3) A format string error in c++filt can be exploited to exploited to
execute arbitrary code when a specially crafted string is passed to
the application.
4) An vulnerability in Dock can be exploited by malicious people with
physical access to a system to bypass the screen lock when Expos\xe9 hot
corners are set.
5) A race condition error exists in Launch Services in the download
validation of symbolic links. This can be exploited to execute
arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option
is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people
to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people
to disclose sensitive information, cause a DoS (Denial of Service),
or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac
OS X.
8) A vulnerability in SMB File Server can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template
directory. This can be exploited to execute arbitrary code with
permissions of a new user when his home directory is created using
the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious
users to disclose sensitive information and by malicious people to
disclose sensitive information or to conduct cross-site scripting
attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to
compromise a user's system. or apply Security Update 2008-004.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200807-0008 | CVE-2008-2310 | Apple Mac OS X of c++filt Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30802
VERIFY ADVISORY:
http://secunia.com/advisories/30802/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and a weakness.
1) An unspecified error in the Alias Manager when handling AFP volume
mount information in an alias data structure can be exploited to cause
a memory corruption and potentially execute arbitrary code.
2) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types, e.g. .xht and .xhtm files.
4) An vulnerability in Dock can be exploited by malicious people with
physical access to a system to bypass the screen lock when Expos\xe9 hot
corners are set.
5) A race condition error exists in Launch Services in the download
validation of symbolic links. This can be exploited to execute
arbitrary code when a user visits a malicious web site.
Successful exploitation requires that the "Open 'safe' files" option
is enabled in Safari.
6) A vulnerability in Net-SNMP can be exploited by malicious people
to spoof authenticated SNMPv3 packets.
For more information:
SA30574
7) Some vulnerabilities in Ruby can be exploited by malicious people
to disclose sensitive information, cause a DoS (Denial of Service),
or potentially compromise a vulnerable system.
For more information:
SA29232
SA29794
NOTE: Reportedly, the directory traversal issue does not affect Mac
OS X.
8) A vulnerability in SMB File Server can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA30228
9) It is possible to store malicious files within the User Template
directory. This can be exploited to execute arbitrary code with
permissions of a new user when his home directory is created using
the User Template directory.
10) Some vulnerabilities in Tomcat can be exploited by malicious
users to disclose sensitive information and by malicious people to
disclose sensitive information or to conduct cross-site scripting
attacks.
For more information:
SA25678
SA26466
SA27398
SA28878
11) A vulnerability in WebKit can be exploited by malicious people to
compromise a user's system. or apply Security Update 2008-004.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0438 | No CVE | ServerView Web Interface Stack Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
ServerView is an asset management tool for automated analysis and version maintenance.
There are multiple stack overflow vulnerabilities in some components of the ServerView Web interface (such as SnmpGetMibValues.exe). If a remote attacker sends a malicious URL request to the Web interface, these overflows can be triggered, causing arbitrary instructions to be executed.
VAR-200807-0340 | CVE-2008-3082 | Commtouch Enterprise Anti-Spam Gateway of UPM/English/login/login.asp Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Commtouch Anti-Spam Enterprise Gateway 4 and 5 are vulnerable; other versions may also be affected. Commtouch Anti-Spam is an enterprise-level anti-spam protection platform developed by Israel Commtouch Company. The Commtouch Anti-Spam product regularly sends email reports to users, listing the blocked suspicious spam emails, and then users can click related links in the emails to confirm whether suspicious emails should be released. If an attacker sends an email message containing a malicious link, the user is tricked into clicking the link in the message, which can lead to a cross-site scripting attack.
Input passed to the "PARAMS" parameter in
AntiSpamGateway/UPM/English/login/login.asp is not properly sanitised
before being returned to a user.
The vulnerability is reported in version 4 and 5.
SOLUTION:
Filter malicious characters and character sequences using a web
proxy.
PROVIDED AND/OR DISCOVERED BY:
Erez Metula
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062955.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0343 | CVE-2008-2730 | Cisco Unified Communications Manager of RIS Data Collector Authentication bypass vulnerability in services |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. The problem is Bug ID : CSCsj90843 It is a problem.Please refer to the “Overview” for the impact of this vulnerability.
Attackers can exploit this issue to gain read-only access to potentially sensitive information about a CUCM cluster. Information harvested can aid in further attacks.
The following versions of CUCM are affected:
4.2 prior to 4.2(3)SR4
4.3 prior to 4.3(2)SR1
5.0 prior to 5.1(3c)
6.0 prior to 6.1(2)
Unified CallManager 4.1 versions are also affected. In normal operation, Real-Time Monitoring Tool (RTMT) clients collect CUCM cluster statistics by authenticating to the Simple Object Access Protocol (SOAP)-based web interface, which proxies the authenticated connection to the RIS data collector process.
1) An unspecified error in the Computer Telephony Integration (CTI)
Manager service can be exploited to cause a DoS by sending a
specially crafted packet to port 2748/TCP. information about performance
statistics, user names, and configured IP phones.
PROVIDED AND/OR DISCOVERED BY:
VoIPshield
CHANGELOG:
2008-06-26: Added links to VoIPshield.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml
VoIPshield:
http://www.voipshield.com/research-details.php?id=64
http://www.voipshield.com/research-details.php?id=65
http://www.voipshield.com/research-details.php?id=66
http://www.voipshield.com/research-details.php?id=67
http://www.voipshield.com/research-details.php?id=68
http://www.voipshield.com/research-details.php?id=69
http://www.voipshield.com/research-details.php?id=70
http://www.voipshield.com/research-details.php?id=71
http://www.voipshield.com/research-details.php?id=72
http://www.voipshield.com/research-details.php?id=73
http://www.voipshield.com/research-details.php?id=74
http://www.voipshield.com/research-details.php?id=75
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0201 | CVE-2008-2061 | Cisco Unified Communications Manager CTI Service Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. By a remote attacker, TCP port 2748 Service disruption through unauthorized network traffic to (DoS) There is a possibility of being put into a state.Please refer to the “Overview” for the impact of this vulnerability. Cisco Unified Communications Manager is prone to a denial-of-service vulnerability because it fails to handle malformed input.
An attacker can exploit this issue to cause an interruption in voice services.
This issue is documented by Cisco Bug ID CSCso75027.
Cisco has released free software updates that address these
vulnerabilities. There are no workarounds for these vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml.
Administrators of systems that are running CUCM versions 5.x and 6.x
can determine the software version by viewing the main page of the
CUCM administration interface. The software version can also be
determined by running the command show version active via the command
line interface (CLI). No other Cisco products are currently known to be
affected by these vulnerabilities.
Details
=======
Cisco Unified Communications Manager (CUCM) is the call processing
component of the Cisco IP Telephony solution that extends enterprise
telephony features and functions to packet telephony network devices,
such as IP phones, media processing devices, VoIP gateways, and
multimedia applications. The CTI Manager service
listens by default on TCP port 2748 and is not user-configurable.
There is no workaround for this vulnerability. This vulnerability is
fixed in CUCM versions 5.1(3c) and 6.1(2).
Real-Time Information Server Data Collector Related Vulnerability
The Real-Time Information Server (RIS) Data Collector service of CUCM
versions 4.x, 5.x, and 6.x contains an authentication bypass
vulnerability that may result in the unauthorized disclosure of
certain CUCM cluster information. In normal operation, Real-Time
Monitoring Tool (RTMT) clients gather CUCM cluster statistics by
authenticating to a Simple Object Access Protocol (SOAP) based web
interface. The SOAP interface proxies authenticated connections to
the RIS Data Collector process. The RIS Data Collector service
listens on TCP port 2556 by default and is user configurable. By
connecting directly to the port that the RIS Data Collector process
listens on, it may be possible to bypass authentication checks and
gain read-only access to information about a CUCM cluster. The
information available includes performance statistics, user names,
and configured IP phones. This information may be used to mount
further attacks. No passwords or other sensitive CUCM configuration
may be obtained via this vulnerability. No CUCM configuration changes
can be made.
There is no workaround for this vulnerability. This vulnerability is
fixed in CUCM versions 4.2(3)SR4, 4.3(2)SR1, 5.1(3), and 6.1(1).
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCso75027 - CTI Manager TSP Crash
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
CSCsq35151 - RISDC Authentication Bypass
CVSS Base Score - 5
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 4.1
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
CSCsj90843 - RISDC Authentication Bypass
CVSS Base Score - 5
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - None
CVSS Temporal Score - 4.1
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerabilities in this advisory may
result in the interruption of voice services or disclosure of
information useful for reconnaissance.
Software Versions and Fixes
===========================
When considering software upgrades, also consult http://www.cisco.com/go/psirt
and any subsequent advisories to determine exposure and a
complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. Cisco Unified CallManager 4.1 version
administrators are encouraged to upgrade to CUCM version 4.2(3)SR4 in
order to obtain fixed software. Version 4.2(3)SR4 can be downloaded
at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280264388&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20CallManager%20Version%204.2&isPlatform=N&treeMdfId=278875240&modifmdid=null&imname=null&hybrid=Y&imst=N
CUCM version 4.3(2)SR1 contains fixes for all vulnerabilities
affecting CUCM version 4.3 listed in this advisory and is scheduled
to be released in mid-July, 2008. Version 4.3(2)SR1 will be available
for download at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280771554&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%204.3&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
CUCM version 5.1(3c) contains fixes for all vulnerabilities affecting
CUCM version 5.x listed in this advisory. Version 5.1(3c) can
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=null&isPlatform=Y&mdfid=280735907&sftType=Unified%20Communications%20Manager%20Updates&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20Communications%20Manager%20Version%205.1&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
CUCM version 6.1(2) contains fixes for all vulnerabilities affecting
CUCM version 6.x listed in this advisory. Version 6.1(2) can be
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=281023410&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%206.1&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Workarounds
===========
CTI Manager Related Vulnerability
It is possible to mitigate the CTI Manager vulnerability (CSCso75027)
by implementing filtering on screening devices. Administrators are
advised to permit access to TCP port 2748 only from networks that
contain systems running CTI-enabled applications.
RIS Data Collector Related Vulnerability
It is possible to mitigate the RIS Data Collector vulnerability
(CSCsq35151 and CSCsj90843) by implementing filtering on screening
devices. Administrators are advised to permit access to TCP port 2556
only from other CUCM cluster systems.
It is possible to change the default port (TCP 2556) of the RIS Data
Collector service. If changed, filtering should be based on the
values used.
Additional mitigation techniques that can be deployed on Cisco
devices within the network are available in the Cisco Applied
Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080625-cucm.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities and welcomes the opportunity
to review and assist in product reports. We would like to thank
VoIPshield for working with us towards the goal of keeping Cisco
networks and the Internet, as a whole, secure.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-June-25 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at http://www.cisco.com/en/US/products/
products_security_vulnerability_policy.html. This includes
instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at http://www.cisco.com/
go/psirt.
-----BEGIN PGP SIGNATURE-----
iD8DBQFIYmPu86n/Gc8U/uARAnjvAJ9P4Ph/Lcj8OcF1ptXKm75OHJeNuQCfdcS2
N0WGH2mNx0asIo4pzmCb4VE=
=/vU7
-----END PGP SIGNATURE-----
.
PROVIDED AND/OR DISCOVERED BY:
VoIPshield
CHANGELOG:
2008-06-26: Added links to VoIPshield.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml
VoIPshield:
http://www.voipshield.com/research-details.php?id=64
http://www.voipshield.com/research-details.php?id=65
http://www.voipshield.com/research-details.php?id=66
http://www.voipshield.com/research-details.php?id=67
http://www.voipshield.com/research-details.php?id=68
http://www.voipshield.com/research-details.php?id=69
http://www.voipshield.com/research-details.php?id=70
http://www.voipshield.com/research-details.php?id=71
http://www.voipshield.com/research-details.php?id=72
http://www.voipshield.com/research-details.php?id=73
http://www.voipshield.com/research-details.php?id=74
http://www.voipshield.com/research-details.php?id=75
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor
VAR-200806-0202 | CVE-2008-2062 | Cisco Unified Communications Manager of RIS Data Collector Authentication bypass vulnerability in services |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. The problem is Bug ID : CSCsq35151 It is a problem.Please refer to the “Overview” for the impact of this vulnerability.
Attackers can exploit this issue to gain read-only access to potentially sensitive information about a CUCM cluster. Information harvested can aid in further attacks.
The following versions of CUCM are affected:
4.2 prior to 4.2(3)SR4
4.3 prior to 4.3(2)SR1
5.0 prior to 5.1(3c)
6.0 prior to 6.1(2)
Unified CallManager 4.1 versions are also affected. In normal operation, Real-Time Monitoring Tool (RTMT) clients collect CUCM cluster statistics by authenticating to the Simple Object Access Protocol (SOAP)-based web interface, which proxies the authenticated connection to the RIS data collector process.
1) An unspecified error in the Computer Telephony Integration (CTI)
Manager service can be exploited to cause a DoS by sending a
specially crafted packet to port 2748/TCP. information about performance
statistics, user names, and configured IP phones.
PROVIDED AND/OR DISCOVERED BY:
VoIPshield
CHANGELOG:
2008-06-26: Added links to VoIPshield.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080625-cucm.shtml
VoIPshield:
http://www.voipshield.com/research-details.php?id=64
http://www.voipshield.com/research-details.php?id=65
http://www.voipshield.com/research-details.php?id=66
http://www.voipshield.com/research-details.php?id=67
http://www.voipshield.com/research-details.php?id=68
http://www.voipshield.com/research-details.php?id=69
http://www.voipshield.com/research-details.php?id=70
http://www.voipshield.com/research-details.php?id=71
http://www.voipshield.com/research-details.php?id=72
http://www.voipshield.com/research-details.php?id=73
http://www.voipshield.com/research-details.php?id=74
http://www.voipshield.com/research-details.php?id=75
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0424 | CVE-2008-2306 | Apple Safari automatically executes downloaded files based on Internet Explorer zone settings |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. Windows Edition Safari Is Internet Explorer There is a problem of automatically executing the downloaded file depending on the setting contents. As a result, a remote attacker may execute arbitrary code. Apple Safari is prone to a remote code-execution vulnerability.
Successfully exploiting this issue will allow attackers to run arbitrary code with the privileges of the user running the affected application.
This issue affects versions prior to Apple Safari 3.1.2 running on Microsoft Windows XP and Windows Vista. Safari is the web browser bundled by default in the Apple family operating system. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Safari for Windows Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30775
VERIFY ADVISORY:
http://secunia.com/advisories/30775/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2008-06-20
SOFTWARE:
Safari for Windows 3.x
http://secunia.com/product/17978/
DESCRIPTION:
Some vulnerabilities and a security issue have been reported in Apple
Safari, which can be exploited by malicious people to disclose
sensitive information or to compromise a user's system.
1) A boundary error within the handling of BMP and GIF images can be
exploited to trigger an out-of-bounds read and disclose content in
memory.
3) An unspecified error in the handling of Javascript arrays can be
exploited to cause a memory corruption when a user visits a specially
crafted web page.
SOLUTION:
Update to version 3.1.2.
http://www.apple.com/support/downloads/safari312forwindows.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Gynvael Coldwind, Hispasec
2) Will Dormann, CERT/CC
3) James Urquhart
CHANGELOG:
2008-06-20: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2092
US-CERT VU#127185:
http://www.kb.cert.org/vuls/id/127185
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0321 | CVE-2008-2830 | Apple Mac OS X of ARDAgent Elevation of privilege vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer.
This issue is confirmed to affect Mac OS X 10.5 versions; earlier versions may also be vulnerable. A local attacker can invoke Mac OS X's ARDAgent via AppleScript (such as osascript). This vulnerability is currently being actively exploited by a Trojan named AppleScript.THT. Once the user is tricked into installing a malicious file with a Trojan horse, the Trojan horse will open file sharing, Web sharing, and remote login. The default file name of the Trojan is AStht_06.app, and the installation location is /Library/Caches.
The problem is that "ARDAgent", which is owned by "root" and has the
setuid bit set, can be invoked to execute shell commands via
AppleScript (e.g. through "osascript"). This can be exploited to
execute arbitrary commands with root privileges.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
Reported in the Macshadows.com forums and via Slashdot.
ORIGINAL ADVISORY:
http://www.macshadows.com/forums/index.php?showtopic=8640
http://it.slashdot.org/article.pl?sid=08/06/18/1919224
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0200 | CVE-2008-2060 | Cisco Intrustion Prevention System (IPS) Platforms Service disruption in inline mode (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a "specific series of jumbo Ethernet frames.". Cisco Intrusion Prevention System (IPS) There is a service disruption (DoS) An unknown vulnerability exists.
An attacker can exploit this issue to cause a kernel panic and deny service for legitimate users.
Versions prior to Cisco Intrustion Prevention System 5.1(8)E2 and 6.0(5)E2 are vulnerable.
NOTE: This issue affects only platforms that contain gigabit network interfaces and are deployed in inline mode. Successful exploitation of the vulnerabilities described in this article could result in a denial of service over the network, requiring a power outage to resume operation.
SOLUTION:
Reportedly, fixed versions 5.1(8)E2 and 6.0(5)E2 will be available
soon.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. This vulnerability may lead to a kernel panic that requires a
power cycle to recover platform operation.
Cisco has released free software updates that address this
vulnerability. There is a workaround for this vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml.
To determine the version of software that is running on a Cisco IPS
platform, log into the platform using the console or Secure Shell
(SSH) and issue the show version command.
sensor# show version
Application Partition:
Cisco Intrusion Prevention System, Version 6.0(4a)E1
To determine whether a Cisco IPS platform has interfaces configured
for inline mode, log into the platform using the console or SSH and
issue the show interfaces command. Look for paired interfaces in the
Inline Mode statement of the command output.
sensor# show interfaces
...
MAC statistics from interface GigabitEthernet0/1
Interface function = Sensing interface
Description =
Media Type = TX
Missed Packet Percentage = 0
Inline Mode = Paired with interface GigabitEthernet0/0
...
MAC statistics from interface GigabitEthernet0/0
Interface function = Sensing interface
Description =
Media Type = TX
Missed Packet Percentage = 0
Inline Mode = Paired with interface GigabitEthernet0/1
Products Confirmed Not Vulnerable
+--------------------------------
The following Cisco IPS platforms are not vulnerable:
* 4210
* 4215
* SSM-AIP10
* SSM-AIP20
* SSM-AIP40
* AIM-IPS
* NM-CIDS
* IDSM2
Cisco IPS version 6.1(1) is not vulnerable. No other Cisco
products are currently known to be affected by this vulnerability.
Jumbo Ethernet support is usually deployed in data center
environments to increase inter-server communication performance and
is not a default configuration for Cisco routers and switches.
If they are configured to use bypass mode to allow traffic to pass in
the event of a system failure, all Cisco IPS platforms will fail to
forward traffic except for the 4260 and 4270 platforms. The Cisco IPS
4260 and 4270 platforms contain a hardware bypass feature that allows
them to pass network traffic in the event of a kernel panic or power
outage. They will pass traffic by default if the hardware bypass
feature is engaged.
This vulnerability is documented in Cisco Bug ID CSCso64762 and has
been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2008-2060.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCso64762 - IPS Jumbo frame not processed properly
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Partial
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of the vulnerability may result in a network
denial of service condition. A power cycle is required to recover
operation. An attacker may be able to evade access controls and
detection of malicious activity in the case of Cisco IPS 4260/4270
platforms that have hardware bypass configured to pass traffic in the
event of a kernel panic.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
This vulnerability is fixed in Cisco IPS versions 5.1(8)E2 and 6.0(5)
E2 that are expected to be available for download by June 20, 2008.
Fixed software Cisco IPS version 5.1(8)E2 will be available at the
following link:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ips5?psrtdcat20e2
Fixed software Cisco IPS version 6.0(5)E2 will be available at the
following link:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ips6?psrtdcat20e2
Workarounds
===========
To workaround this vulnerability, administrators can disable jumbo
Ethernet support on routers and switches directly that are connected
to vulnerable Cisco IPS platforms. This workaround may produce a
negative performance impact in certain environments. Administrators
are encouraged to upgrade to fixed software.
For more information about configuring Jumbo frames on Cisco
switches, please reference the following link:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco by HD Moore of BreakingPoint
Systems.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20080618-ips.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients:
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-June-18 | public |
| | | release. |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
-----BEGIN PGP SIGNATURE-----
iD8DBQFIWTYs86n/Gc8U/uARAn3FAKCIkVy8TfwwoKE3pFjMfRMyZN4+SACghKEB
Vb2Ngh4ALQrSRsWdWiy/2u4=
=IvlU
-----END PGP SIGNATURE-----
VAR-200811-0235 | CVE-2008-5121 | Deterministic Network Enhancer privilege escalation vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. Deterministic Network Enhancer (DNE) Contains an elevation of privilege vulnerability. As a result, local users Windows Arbitrary code may be executed with kernel privileges. Deterministic Networks Provided by Deterministic Network Enhancer (DNE) Is Microsoft Windows This product is an extension of the network stack. DNE Is Cisco VPN Client It is used by multiple products. DNE Driver dne2000.sys Contains an elevation of privilege vulnerability. For details, refer to the information provided by each vendor.Local users Windows Arbitrary code may be executed with kernel privileges. Successful attacks will completely compromise affected computers.
DNE 'dne2000.sys' 2.21.7.233 to 3.21.8 are vulnerable; other versions may also be affected. There is a loophole in the implementation of the DNE driver.
The vulnerability is reported in dne2000.sys versions 2.21.7.233 to
3.21.7.17464.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
mu-b
ORIGINAL ADVISORY:
http://www.digit-labs.org/files/exploits/dne2000-call.c
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0162 | CVE-2008-2707 | Sun Solaris of e1000g Service disruption in drivers (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. Sun Solaris of e1000g The driver has a service disruption (DoS) Vulnerabilities exist.Service disruption by a malicious local user (DoS) There is a possibility of being put into a state.
An attacker can exploit this issue to block all inbound network packets on the affected system, resulting in a denial-of-service condition.
This issue affects Solaris 10 and OpenSolaris for SPARC and x86 platforms. This can be exploited to block all incoming
traffic to the system.
SOLUTION:
Apply patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238250-1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0345 | CVE-2008-2743 | Xerox 4110 Such as Copier/Printers Embedding Web Server cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. The webserver in multiple Xerox copier/printer models is prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The following Xerox copier/printer models are affected:
Xerox 4110
Xerox 4590
Xerox 4595. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Xerox Copier/Printer Products Web Server Unspecified Script Insertion
SECUNIA ADVISORY ID:
SA30639
VERIFY ADVISORY:
http://secunia.com/advisories/30639/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From local network
OPERATING SYSTEM:
Xerox 4110 Copier/Printer
http://secunia.com/product/19057/
Xerox 4590 Copier/Printer
http://secunia.com/product/19056/
Xerox 4595 Copier/Printer
http://secunia.com/product/19058/
DESCRIPTION:
A vulnerability has been reported in some Xerox Copier/Printer
products, which can be exploited by malicious people to conduct
script insertion attacks.
Certain unspecified input in the Web Server is not properly sanitised
before being used.
The vulnerability affects the following products:
* Xerox 4110 Copier/Printer
* Xerox 4590 Copier/Printer
* Xerox 4595 Copier/Printer
SOLUTION:
Apply updates (see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Louhi Networks.
ORIGINAL ADVISORY:
XRX08-007:
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_007.pdf
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0031 | CVE-2008-2639 |
Citect SCADA ODBC Server Remote Stack Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-200806-0107, VAR-E-200806-0108 |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. Citect Made by company CitectSCADA Contains a buffer overflow vulnerability. Citect CitectSCADA Is SCADA (Supervisory Control And Data Acquisition) Software used for monitoring and control in the system. CitectSCADA Contains a buffer overflow vulnerability because it cannot properly handle crafted requests from clients.Arbitrary code is executed by a remote party or service operation is interrupted (DoS) There is a possibility of being attacked.
Citect SCADA and CitectFacilities include ODBC server functionality to provide remote SQL access to relational databases. The ODBC server component listens to client requests from the network on the port 20222 / tcp by default. The application layer protocol on TCP reads the 4-byte initial message to specify the length of the data in the next message, and then sockets from the same TCP. Word reads the next message of this length, where the first 5 bytes are a fixed header. After the second message in the network is read into the buffer, the data is copied to a fixed-size internal buffer on the stack.
Due to the lack of a correct length check of the data read, memory copy operations using fixed-size target buffers allocated on the stack may overflow, allowing unauthenticated remote attackers to execute arbitrary instructions on the vulnerable system . CitectSCADA is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Citect Products ODBC Server Component Buffer Overflow
SECUNIA ADVISORY ID:
SA30638
VERIFY ADVISORY:
http://secunia.com/advisories/30638/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From local network
SOFTWARE:
CitectFacilities 7.x
http://secunia.com/product/19043/
CitectSCADA 6.x
http://secunia.com/product/19041/
CitectSCADA 7.x
http://secunia.com/product/19042/
DESCRIPTION:
Core Security Technologies has reported a vulnerability in
CitectSCADA and CitectFacilities, which can be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
The vulnerability is reported in the following versions:
* CitectSCADA v6
* CitectSCADA v7
* CitectFacilities v7
SOLUTION:
Contact the vendor for patches.
PROVIDED AND/OR DISCOVERED BY:
Sebasti\xe1n Mu\xf1iz, Core Security Technologies
ORIGINAL ADVISORY:
CORE-2008-0125:
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2186
OTHER REFERENCES:
US-CERT VU#476345:
http://www.kb.cert.org/vuls/id/476345
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs/
~ CitectSCADA ODBC service vulnerability
*Advisory Information*
Title: CitectSCADA ODBC service vulnerability
Advisory ID: CORE-2008-0125
Advisory URL: http://www.coresecurity.com/?action=item&id=2186
Date published: 2008-06-11
Date of last update: 2008-06-10
Vendors contacted: Citect
Release mode: Coordinated release
*Vulnerability Information*
Class: Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: Yes
Bugtraq ID: 29634
CVE Name: CVE-2008-2639
*Vulnerability Description*
Citect is a supplier of industrial automation software with headquarters
in Australia and over 20 offices in Oceania, South East Asia, China,
Japan, the Americas, Europe, Africa and the Middle East. Citect's
products are distributed in over 80 countries through a network of more
than 500 partners. According to Citect's website [1] the company, a
fully owned subsidiary of Schneider Electric, has more than 150,000
licenses of its software sold to date. Citect's products are used by
organizations worldwide in numerous industries including Aerospace &
Defense, Oil & Gas, Power/Utilities, Chemical, Pharmaceutical,
Manufacturing and others. with an integrated Human Machine Interface
(HMI) / SCADA solution to deliver a scalable and reliable control and
monitoring system. The system is composed by software installed on
standard computer equipment running on commercial-of-the-shelf Microsoft
Windows operating systems. To
accomplish such goal the would-be attacker must be able to connect to
the vulnerable service on a TCP high-port.
*Vulnerable Packages*
. CitectSCADA v6
. CitectSCADA v7
. CitectFacilities v7
*Non-vulnerable Packages*
. Contact the vendor for fixed versions of the product.
*Vendor Information, Solutions and Workarounds*
In general process control networks should be physically isolated from
corporate or other publicly accessible data networks as such an isolated
network will limit the exposure of systems with network facing
vulnerabilities only to accidental disruption or potentially malicious
users or systems within the process control network itself.
However, if physical isolation of the process control network is not
feasible it is strongly recommended to enforce and monitor strict
network access control mechanisms to verify that only the absolute
minimal required set of systems from both within and outside the process
control network are allowed to connect to any systems within the process
control network. In this particular case, access control mechanisms on
both end-systems and network boundary devices such as firewalls and
IPSes must ensure that only hardened and trusted systems from that
minimal set can connect to systems in the process control network
running potentially vulnerable software. Nonetheless systems on that
minimal set must still be considered potential attack vectors into the
process control network and should they become compromised, providers of
transitive trust from the process control network to external untrusted
systems.
Besides the recommendation of a secure network architecture with strict
network access control measures, OS hardening and other sound system
administration practices a specific workaround for the vulnerability
reported in this advisory is provided below.
The vulnerability is located in the ODBC server service, vulnerable
organizations that do not require ODBC connectivity may disable the
service with no adverse effects to the CitectSCADA software.
Installations that require ODBC connectivity to SQL databases,
spreadsheets, etc. will suffer loss of connection with ODBC data sources
if this workaround is applied. Vulnerable organizations should obtain
positive verification that ODBC connectivity is not necessary in their
installation and prepare appropriate contingency procedures before the
workaround is applied.
Vendor statement:
CitectSCADA is not designed to be accessible on public networks and
recommends that the SCADA and control networks be protected by firewall
or similar on live sites.
The system must be network hardened regardless of the corrupt packet
software change to ensure a secure system given the likelihood that on
the same network are open industry standard protocol devices perhaps
communicating via ethernet.
Please follow this link on Citect website under "Industries and
Solutions" for security, that provides some information for customers
interested in securing their SCADA systems:
http://www.citect.com/index.php?option=com_content&task=view&id=186&Itemid=322
*Credits*
This vulnerability was discovered and researched by Sebastian Mu\xf1iz from
the Core IMPACT Exploit Writers Team (EWT) at Core Security
Technologies. Exploitation was further investigated by Nicolas Economou
also from the Core IMPACT Exploit Writers Team (EWT).
Core would also like to thank Paul Fahey of AusCERT, Gaston Franco and
Patricia Prandini of ArCERT and Art Manion and Chris Taschner of CERT/CC
for their assistance during the vulnerability reporting process.
This bug is a textbook example of a classic stack-based buffer overflow
that can be exploited by overwriting the return address of the currently
running thread. The following binary excerpt shows the nature of the
problem:
/-----------
~ .text:0051BC33 loc_51BC33:
~ .text:0051BC33 lea ecx, [ebp+pDestBuffer]
~ .text:0051BC39 push ecx ; stack based buffer
~ .text:0051BC3A mov edx, [ebp+arg_0]
~ .text:0051BC3D push edx ; class that contains packet
~ .text:0051BC3E call sub_52125A ; memcpy
- -----------/
*Report Timeline*
. 2008-01-30:
Initial contact mail sent by Core to Citect's support team. 2008-01-30:
Additional mail sent to Citect support team asking for a software
security contact at Citect. 2008-01-30:
Email from Citect's support team acknowledging notification and
requesting information in plaintext. 2008-02-06:
Core sends the draft advisory, including proof of concept code to
demonstrate the vulnerability. 2008-02-28:
Core requests a response from the vendor and asks for the vendor's plan
to release fixes to vulnerable products. 2008-03-06:
Email from the vendor's technical architect confirms reception of the
report and indicating that there are not concerns around publication of
a security advisory disclosing the vulnerability. The vendor asks for a
phone conference to ensure that both Core and Citect have a common
understanding of the issue and expresses the possibility of adding
additional information to the advisory. The vendor also states that it
will formulate a plan for handling this issue. 2008-03-12:
Core asks to continue the discussion concerning the vulnerability by
mail so as to have all the involved parties informed simultaneously and
all communications documented. Core requests confirmation that the
vendor has been able to reproduce the vulnerability and requests details
concerning the plan to release fixes and asks for the additional
information that the vendor would like to include in the advisory (in
the "vendor information" section). Core reminds the vendor that the
original publication date of the advisory was February 25th and states
that the publication of the advisory is now re-scheduled to March 24th
because fixed versions were not available at the date initially scheduled. 2008-03-25:
Vendor confirms that it reproduced and identified the vulnerability and
indicates that the official stance is that CitectSCADA is not designed
to be accessible on public networks and recommends that SCADA and
control networks are protected by firewalls and other security measures
on live sites. The vendor also states that it has no immediate plans to
support CitectSCADA on public networks but is investigating the
possibility of having a security audit of the product. 2008-03-25:
Core notifies the vendor the intention to release the advisory on March
26th given that the vendor has no immediate plans for fixing the
vulnerability. 2008-03-26:
Core consults under NDA with a process control security expert to obtain
a better understanding of the scope and impact of the vulnerability. The
specific technical details about the vulnerability are not disclosed,
only the general type of bug and the specific TCP port on which the
vulnerable service listens are discussed. 2008-04-02:
Core revisits its current plan to disclose the vulnerability and decides
to get Computer Emergency Response Teams (CERTs) involved in the
process. Core notifies the vendor that it will postpone the publication
of the advisory, and that it will contact the Computer Emergency
Response Teams (CERTs) of countries were Core has physical offices
(Argentina and USA) and the country were Citect has its headquarters
(Australia). Core will then determine the contents and date of
publication for the security advisory based on further communication
with the vendor and CERTs and more precise details that the vendor may
provide regarding availability of fixes. 2008-04-02:
Core notifies the vendor that it will contact the CERTs of Australia,
USA and Argentina. Core reminds the vendor that the vulnerability
reported is a classic example of a stack-based buffer overflow bug
trivial to exploit in present times and that although the previous email
from the vendor provided a vague statement indicating that "the scenario
is under consideration for the next release", to date there has not been
any concrete details about development and release of fixes or a firm
commitment to any specific date to release them. 2008-04-08:
Core sends an initial notification to AusCERT, CERT/CC and ArCert
including a draft advisory describing the bug and the vendor's contact
information, requesting an acknowledgement within 2 working days. 2008-04-08:
AusCERT acknowledges reception of the advisory
. 2008-04-09:
ArCERT acknowledges reception of the advisory
. 2008-04-10:
CERT/CC acknowledges reception of the advisory on a phone call
. 2008-04-10:
AusCERT notifies Core that so far it has not been able to contact the
vendor and asks for approval to disseminate the information to the
Australian government and other national and international entities
overlooking national infrastructure security. AusCERT also asks if CORE
intends to publish the advisory and if so requests some time to be able
to notify affected organizations. Meanwhile AusCERT indicates that it
will continue to try to work with the vendor. 2008-04-10:
Core responds that it has no problems with AusCERT notifying other
parties that may be able to better prepare risk mitigation procedures
and/or work more closely with the vendor towards development and release
of a fix. However, Core asks to keep the dissemination of the
information to a minimum in order to avoid a potential leak. Core
indicates that it has asked the vendor to provide concrete details about
how and when it plans to address the issue and that based on the
response to that question it will determine a publication date for the
security advisory. Lacking a response from the vendor, Core will
determine the publication date based on the feedback received from the
CERTs and the progress of their preparations to address the report. 2008-04-10:
AusCERT asks if it is ok to contact other CERTs and international
government communities to make them aware of the issue and to ensure
everyone is prepared when the report is published. 2008-04-10:
Core response indicating that it is ok to contact any organization that
AusCERT deems relevant for the stated purpose
. 2008-04-10:
ArCert reports that it will start gathering information about
appropriate organizations in Argentina to report the problem and start
contacting them. 2008-04-11:
CERT/CC reports that US-CERT has been made aware of the issue and will
be kept updated going forward. If AusCERT is already in contact with the
vendor CERT/CC will standby and follow AusCERT's lead. 2008-04-14:
AusCERT reports that after several communication attempts the vendor
said that it will address the issue in the next release of the product
(by mid-year) and release a patch in a couple of months. However, the
information is not to be considered an official statement and there is
no official indication of a plan to provide immediate resolution. 2008-04-14:
CERT/CC asks if Core will publish the advisory before mid-year and
states concerns about the potential time elapsed between advisory
publication and release of the fix. CERT/CC will likely put out
information soon after Core does and expresses its interest to receive
more information from the vendor regarding their response plan. 2008-04-14:
AusCERT notes that Core has given the CERTs the time to notify possibly
affected organizations before the report is published and requests any
specific questions to be asked to the vendor. 2008-04-14:
Core states that it is entirely possible to re-visit the publication
date of the report (which has been done twice so far) but to do so Core
requires concrete details and a committed date for the release of a fix
noting that it wasn't until AusCERT's email from April 14th that the
possibility that the vendor would release of a patch seemed realistic.
Core is willing to postpone publication of the report provided that the
vendor commits to release a fix no later than June 30th (the upper bound
to the promised mid-year deadline indicated by the vendor). Core also
reminds the CERTs that its intent in notifying them of the bug was to
help to coordinate a way to address the bug should an official patch or
fix is not made available by the vendor. 2008-04-24:
Core sends an email to the 3 CERTs requesting a status update and any
further details about the availability of fixes. Core would like to set
a final date for the publication of its report. 2008-04-28:
AusCERT indicates that after several calls and messages, the vendor has
stated that it does not publish specific release schedules for updates
and does not indicate what will or will not be their contents and that
once a release is finalized all relevant materials are updated to
reflect that fact. AusCERT asks about Core's plans regarding the issue. 2008-04-28:
CERT/CC suggests that in light of the vendor statement one last effort
should be attempted, setting a date for publication one or two weeks
into the future and presenting the final drafts of the report to the vendor. 2008-04-28:
Core sets the advisory publication date to May 12th and indicates to the
three CERTs that the date is considered final unless concrete details
about a patch release schedule are communicated no later than May 8th.
The vendor has already been sent drafts of the advisory, the last one
sent on March 25th, and Core has little confidence that the current
status process will change in a positive manner. Core will consider the
time up to May 12th as a period to finalize the preparation of guidance
documents about how to deal with the issue without an official fix
available. Should such a document be provided, Core is willing and open
to include its recommendations in the security advisory. 2008-05-06:
Core informs the CERTs that it is still editing its security advisory
and that once the final draft is ready it will be sent for review to the
vendor and the CERTs before it is published. Core informs that it will
also issue a press release disclosing the issue and invites spokesmen
from any of the CERTs to participate with a quote should they want to do so. 2008-05-08:
CERT/CC acknowledges Core's email and thanks for the update indicating
that it will not participate in a press release. 2008-05-14:
Core sends its final draft of the security advisory to Citect and the 3
CERTs indicating that the publication date is set to May 19th, 2008 at
approximately 3pm UTC. Should the vendor or the CERTS have any official
comments or statements or workarounds that they would like to be
included in Core's advisory they must be provided them by email no later
than Friday May 16th 2008 at 9pm (UTC). 2008-05-15:
Email from the vendor indicating the Citect has allocated resources to
address the issue and is pleased to advise that a patch will be
available by the end of May. The vendor assumes that publication of the
advisory will be postponed given Core's previous email from April 14th
stating that it is willing to review the publication date if the vendor
commits to releasing a fix no later than June 30th. 2008-05-16:
Email from CERT/CC asking about Core's plan to publish the advisory and
stating that CERT/CC is inclined to hold off publication for a couple of
weeks provided that Core does the same. JPCERT has been informed of the
vulnerability to prepare for the upcoming disclosure. 2008-05-16:
Core sends email to Citect and the three CERTs stating that publication
of the advisory has been re-scheduled to June 2nd 2008 and reiterating
that should the vendor want to include additional information or
specific pointers to the patch it should be provided at least a day in
advance. 2008-05-28:
Core sends a follow up to the email sent on May 16th requesting
confirmation that Citect is on track to release fixes for the
vulnerability. Core had re-scheduled publication of the security
advisory to June 2nd, 2008 (next Monday) and wants to confirm that
software fixes will be ready to roll out and to provide the opportunity
to include in the advisory any official guidelines on how to obtain them
and/or any alternative workarounds to the problem. Specific questions
about the potential workaround of disabling the vulnerable service are
sent to the vendor as well as a request to provide a list of both
vulnerable and not vulnerable packages. This information should be
received no later than Friday June 30th, 2008 at 1pm UTC. 2008-06-01:
Email received from the vendor stating: "The fix is on track and is
currently in code review and testing stage. We will advise when and how
the patch will be released". 2008-06-01:
Core asks if the vendor has a concrete estimated date for the patch
release. It is noted that publication of the security advisory was
re-scheduled to June 2nd, 2008 on the basis of the vendor's commitment
to release fixes "by the end of May" as indicated in the vendor's email
from May 15th 2008. May is already past and Core still has no concrete
details about when and how the fixes will be available. Core also notes
that the previous email from May 28th 2008 had specific questions that
may help craft guidance and recommendations for vulnerable organizations
to mitigate risk due to the vendor's software security exposure and asks
if the vendor is able to provide answers to those specific inquires.
Core also states that it would like to discuss with the CERTs any
specific details and information about their plans to address this issue
in the upcoming week. In the absence of concrete fix details and
workarounds from the vendor Core would like to coordinate with CERTs the
dissemination of information to help reduce risk to vulnerable
organizations worldwide. 2008-06-01:
AusCERT indicates that it's ready for the publication and that it will
publish its own report after Core has done so. 2008-06-04:
Email from CERT/CC asking for a status update from Core and noting that
neither the vendor patches nor Core's advisory have been published by
June 2nd as planned. CERT/CC is ready to publish information about the
issue and is willing to do so on Core's timetable. 2008-06-04:
Citect informs that the patch for the reported issue has been completed
at the code level and is being QA tested. The timing of software
releases is a company commercial decision, and no guarantee of delivery
dates is given. However, the vendor anticipates the patch will be
published on its website in the next day or so, assuming QA approval is
given. The vendor informs that the suggested workaround of disabling
the ODBC server is viable for users that do not need this functionality
(most users of CitectSCADA) and would not affect the operation of the
software in any other way.
The vendor states that "Although this patch will be made available to
our supported customers, Citect maintains the stated stance that under
NO circumstances should any SCADA/PLC/DCS/RTU/Process Control network
should ever be exposed unprotected to the internet. The network should
either be securely firewalled or better still isolated, or otherwise
protected using approved IT security methodology. Citect has previously
published security recommendations in a whitepaper located on our
website at
http://www.citect.com/documents/whitepapers/SCADA%20Security%20Whitepaper.pdf
"SECURING AN INTEGRATED SCADA SYSTEM - Network Security & SCADA Systems
Whitepaper". The vendor also indicates that "copies of the security
alert report appear to have been circulated before the advised date of
publication, contrary to the undertaking given to Citect."
. 2008-06-04:
Core's email to Citect, AusCERT, CERT/CC and ArCert informing them that
publication of the security advisory has now been re-scheduled to June
11th 2008. The date is final. The advisory will include references to
the vendor's security recommendations and white paper as well as the
proposed workaround. Core also indicates that to date the company has
not published any report about the issue and has no indication of any
such reports circulating "in the wild" but cannot discard that as a
possibility given that the vendor's lack of proper secure communications
procedures forced all the involved parties to communicate without any
form of email encryption and that those communications have occurred
over a public network such as the Internet for a period of over 4 months. 2008-06-04:
Email from CERT/CC indicating that it will too publish a report on June
11th also noting the importance of sound system administration practices
such as disabling unneeded features and a secure network architecture.
CERT/CC agrees on the need of isolated or otherwise secured process
control networks but indicates that in practice that is not always the
case. Further information about any potential information leak is requested. 2008-06-10:
Final draft of the advisory sent to Citect and CERTs, asking for
confirmation that patches are now available. 2008-06-10:
Citect confirms that patches are available to customers upon request and
reiterates that the vendor's official stance is that the control network
must be secured, and customers requesting the patch will be offered
advice and links on how to do this. 2008-06-10:
CERT/CC asks for any official guidance or wording that could be used in
documents to direct readers appropriately. For example, an URL to a
support/contact web site, or a case number. 2008-06-11:
Security advisory CORE-2008-0125 published.
*References*
[1] Citect Corporate Profile
http://www.citect.com/index.php?option=com_content&task=view&id=94&Itemid=151
*About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs/.
*About Core Security Technologies*
Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core augments its
leading technology solution with world-class security consulting
services, including penetration testing and software security auditing.
Based in Boston, MA and Buenos Aires, Argentina, Core Security
Technologies can be reached at 617-399-6980 or on the Web at
http://www.coresecurity.com.
*Disclaimer*
The contents of this advisory are copyright (c) 2008 Core Security
Technologies and (c) 2008 CoreLabs, and may be distributed freely
provided that no fee is charged for this distribution and proper credit
is given.
*GPG/PGP Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhP2lEACgkQyNibggitWa29yQCdHfYtgLzOvys9Msi95eqF8H/X
ADEAoKB9r52U9KXlEvBn5GgCaqXqC8OG
=5qtX
-----END PGP SIGNATURE-----
VAR-200806-0101 | CVE-2008-2674 | Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors.
Very few technical details are currently available. We will update this BID as more information emerges.
Please see the vendor's advisory for a list of affected products and
versions.
SOLUTION:
Please see the vendor's advisory for workaround details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200806-0575 | CVE-2008-0960 |
SNMPv3 improper HMAC validation allows authentication bypass
Related entries in the VARIoT exploits database: VAR-E-200806-0300 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. SNMPv3 The implementation of contains an authentication bypass vulnerability because it does not properly handle crafted packets. SNMP (Simple Network Management Protocol) Is a widely used protocol for monitoring and managing network devices. SNMPv3 Supports security features such as authentication and privacy control. SNMPv3 In the authentication of HMAC (keyed-Hash Message Authentication Code) Is used. This code is generated by combining a private key and a cryptographic hash function. SNMPv3 Depending on the implementation of, there is a possibility that authentication may be bypassed by processing specially crafted packets due to vulnerability in authentication processing.By remote third party SNMP The object may be read or modified. Net-SNMP is prone to a remote authentication-bypass vulnerability caused by a design error.
Successfully exploiting this issue will allow attackers to gain unauthorized access to the affected application.
Net-SNMP 5.4.1, 5.3.2, 5.2.4, and prior versions are vulnerable. The software is used to monitor network equipment, computer equipment, UPS equipment, etc. An attacker could exploit this vulnerability to read and modify any SNMP object accessible using the authenticated credentials logged into the system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: SNMP Version 3 Authentication
Vulnerabilities
Document ID: 107408
Advisory ID: cisco-sa-20080610-snmpv3
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
Revision 1.0
For Public Release 2008 June 10 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
=======
Multiple Cisco products contain either of two authentication
vulnerabilities in the Simple Network Management Protocol version 3
(SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could
allow the disclosure of network information or may enable an attacker
to perform configuration changes to vulnerable devices. The SNMP
server is an optional service that is disabled by default in Cisco
products. Only SNMPv3 is impacted by these vulnerabilities.
Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has
assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960
has also been assigned to these vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
Affected Products
=================
Vulnerable Products
+------------------
The following Cisco products are vulnerable.
* Cisco IOS
* Cisco IOS-XR
* Cisco Catalyst Operating System (CatOS)
* Cisco NX-OS
* Cisco Application Control Engine (ACE) Module
* Cisco ACE Appliance
* Cisco ACE XML Gateway
* Cisco MDS 9000 Series Multilayer Fabric Switches
Note: The SNMP server is disabled by default. These vulnerabilities
only impact devices that are configured for SNMPv3.
To determine the version of SNMP configured in Cisco IOS, CatOS and
IOS-XR, log in to the device and issue the show snmp group command.
The security model field indicates the version of SNMP configured.
The output "usm" is the abbreviation for user-based security model
and this indicates SNMPv3 is configured.
Cisco IOS
router#show snmp group
groupname: test security model:v3 noauth
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
Cisco CatOS
5500-1 (enable) show snmp group
Security Model: v3
Security Name: userv3
Group Name: groupv3
Storage Type: nonvolatile
Row Status: active
Cisco IOS-XR
RP/0/RP0/CPU0:ios#show snmp group
groupname: test security model:usm
readview : v1default writeview: -
notifyview: v1default
row status: nonVolatile
IronPort
+-------
IronPort C-Series, X-Series, and M-Series appliances utilize code
covered by this advisory, but are not susceptible to any security
risk. IronPort C-Series, X-Series, and M-Series incorporate the
libraries under the advisory to provide anonymous read-only access to
system health data. There is no risk of escalated authorization
privileges allowing a 3rd party to make any configuration changes to
the IronPort devices. IronPort S-Series and Encryption Appliances are
not affected by this advisory. This announcement has also been posted
on the IronPort Support Portal, available to IronPort customers:
https://supportportal.ironport.com/irppcnctr/srvcd?u=http://secure-support.soma.ironport.com/announcement&sid=900016
Products Confirmed Not Vulnerable
+--------------------------------
The following Cisco products are confirmed not vulnerable:
* Cisco PIX Security Appliances
* Cisco ASA Security Appliances
* Cisco Firewall Services Module (FWSM)
* Cisco Security Monitoring, Analysis, and Response System (MARS)
* Cisco Network Admission Control (NAC) Appliance
* CiscoWorks Wireless LAN Solution Engine (WLSE)
No other Cisco products are currently known to be affected by these
vulnerabilities.
There are three general types of SNMP operations: "get" requests to
request information, "set" requests that modify the configuration of
a remote device, and "trap" messages that provide a monitoring
function. SNMP requests and traps are transported over User Datagram
Protocol (UDP) and are received at the assigned destination port
numbers 161 and 162, respectively.
SNMPv3 provides secure access to devices by authenticating and
encrypting packets over the network. RFC2574 defines
the use of HMAC-MD5-96 and HMAC-SHA-96 as the possible authentication
protocols for SNMPv3. This advisory identifies two
vulnerabilities that are almost identical. Both are specifically
related to malformed SNMPv3 packets that manipulate the Hash Message
Authentication Code (HMAC). The two vulnerabilities may impact both
Secure Hashing Algorithm-1 (SHA-1) and Message-Digest Algorithm 5
(MD5). The vulnerabilities described in this document can be
successfully exploited using spoofed SNMPv3 packets.
These vulnerabilities are documented in the following Cisco Bug IDs:
* CSCsf04754 - IOS SNMPv3 HMAC Authentication issue
* CSCsf30109 - IOS-XR SNMPv3 HMAC Authentication issue
* CSCsf29976 - CatOS SNMPv3 HMAC Authentication issue
* CSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue
* CSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue
* CSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue
* CSCsq60582 - Nexus SNMPv3 HMAC Authentication issue
Note: Although multiple software defects are listed, this advisory
only identifies two vulnerabilities. Because different Cisco products
require their own fixes, additional Bug IDs have been assigned.
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsf04754 - IOS SNMPv3 HMAC Authentication issue
- -----------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsf30109 - IOS-XR SNMPv3 HMAC Authentication issue
- --------------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsf29976 - CatOS SNMPv3 HMAC Authentication issue
- -------------------------------------------------------
CVSS Base Score - 10
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsq62662 - ACE XML Gw SNMPv3 HMAC Authentication issue
- ------------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsq60664 - ACE Appliance SNMPv3 HMAC Authentication issue
- ---------------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.4
Exploitability - Functional
Remediation Level - Workaround
Report Confidence - Confirmed
CSCsq60695 - ACE Module SNMPv3 HMAC Authentication issue
- ------------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.4
Exploitability - Functional
Remediation Level - Workaround
Report Confidence - Confirmed
CSCsq60582 - Nexus SNMPv3 HMAC Authentication issue
- -------------------------------------------------------
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.4
Exploitability - Functional
Remediation Level - Workaround
Report Confidence - Confirmed
Impact
======
Successful exploitation of these vulnerabilities could result in the
disclosure of sensitive information on a device or allow an attacker
to make configuration changes to a vulnerable device that is based on
the SNMP configuration.
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Releases" column of the
table.
+---------------------------------------+
| Affected | Affected | First |
| Product | Release | Fixed |
| | | Release |
|-----------------+----------+----------|
| | 6.x | 6.4(23) |
| |----------+----------|
| Cisco Catalyst | 7.x | 7.6(19) |
|Operating |----------+----------|
| System (CatOS) | 8.5.x | 8.5(7) |
| |----------+----------|
| | 8.6.x | 8.6(1) |
+---------------------------------------+
Cisco IOS XR
+-----------
The following table lists fixed Cisco IOS XR software.
+---------------------------------------------------+
| Cisco | | |
| IOS XR | SMU ID | SMU Name |
| Version | | |
|---------+------------+----------------------------|
| 3.2.2 | AA01681 | hfr-base-3.2.2.CSCsf30109 |
|---------+------------+----------------------------|
| 3.2.3 | AA01682 | hfr-base-3.2.3.CSCsf30109 |
|---------+------------+----------------------------|
| 3.2.4 | AA01683 | hfr-base-3.2.4.CSCsf30109 |
|---------+------------+----------------------------|
| 3.2.6 | AA01684 | hfr-base-3.2.6.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.0 | AA01685 | hfr-base-3.3.0.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.0 | AA01690 | c12k-base-3.3.0.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.1 | AA01686 | hfr-base-3.3.1.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.1 | AA01688 | c12k-base-3.3.1.CSCsf30109 |
|---------+------------+----------------------------|
| 3.3.2 | Not | Not vulnerable |
| | vulnerable | |
|---------+------------+----------------------------|
| 3.4.x | Not | Not vulnerable |
| | vulnerable | |
+---------------------------------------------------+
Cisco NX-OS
+----------
The following table lists fixed Cisco NX-OS software.
+----------------------------------------+
| Affected | Affected | First Fixed |
| Product | Release | Release |
|-----------+-----------+----------------|
| Cisco | | 4.0.(2) |
| NX-OS | 4.0.(1)a | Available June |
| | | 2008 |
+----------------------------------------+
Cisco ACE Products
+-----------------
The following table lists fixed Cisco Application Control Engine
(ACE) software.
+---------------------------------------+
| Affected | Affected | First |
| Product | Release | Fixed |
| | | Release |
|----------------+----------+-----------|
| | 3.0(0)A1 | |
| Cisco | (6.x) | |
| Application | | A2(1.1) |
| Control Engine | A2(1.0) | |
| (ACE) Module | | |
| | A2(1.0a) | |
|----------------+----------+-----------|
| | A1(7.0) | |
| | | |
| Cisco | A1(7.0a) | |
| Application | | |
| Control Engine | A1(7.0b) | A1(8.0a) |
| (ACE) | | |
| Appliance | A1(7.0c) | |
| | | |
| | A1(8.0) | |
|----------------+----------+-----------|
| Cisco | 4.x | |
| Application | | 6.0.1 |
| Control Engine | 5.x | Available |
| (ACE) XML | | June 2008 |
| Gateway | 6.0 | |
+---------------------------------------+
Cisco MDS software
+-----------------
The following table lists fixed Cisco MDS Multilayer Switch software.
+---------------------------------------+
| Affected | Affected | First Fixed |
| Product | Release | Release |
|-----------+-----------+---------------|
| | 2.1 | |
| Cisco MDS | | 3.4.1 |
| 9000 | 3.0 | Available |
| | | June 2008 |
| | 3.2 | |
+---------------------------------------+
Workarounds
===========
The following workarounds have been identified for these
vulnerabilities.
Infrastructure Access Control Lists
+----------------------------------
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the border of networks. Infrastructure Access Control Lists (iACLs)
are a network security best practice and should be considered as a
long-term addition to good network security as well as a workaround
for these specific vulnerabilities. The iACL example below should be
included as part of the deployed infrastructure access-list which
will protect all devices with IP addresses in the infrastructure IP
address range:
Note: UDP port 161 is applicable for all versions of SNMP.
!--- Permit SNMP UDP 161 packets from
!--- trusted hosts destined to infrastructure addresses.
access-list 150 permit udp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK eq 161
!--- Deny SNMP UDP 161 packets from all
!--- other sources destined to infrastructure addresses.
access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES MASK eq 161
!--- Permit/deny all other Layer 3 and Layer 4 traffic in accordance
!--- with existing security policies and configurations
!--- Permit all other traffic to transit the device.
access-list 150 permit ip any anyinterface serial 2/0ip access-group 150 in
The white paper entitled "Protecting Your Core: Infrastructure
Protection Access Control Lists" presents guidelines and recommended
deployment techniques for infrastructure protection access lists.
This white paper can be obtained at the following link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
Control Plane Policing
+---------------------
Control Plane Policing (CoPP) can be used to block untrusted SNMP
access to the device. Cisco IOS software releases 12.0S, 12.2SX,
12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be
configured on a device to protect the management and control planes
and minimize the risk and effectiveness of direct infrastructure
attacks by explicitly permitting only authorized traffic that is sent
to infrastructure devices in accordance with existing security
policies and configurations. The following example, which uses
192.168.100.1 to represent a trusted host, can be adapted to your
network.
!--- Deny SNMP UDP traffic from trusted hosts to all IP addresses
!--- configured on all interfaces of the affected device so that
!--- it will be allowed by the CoPP feature
access-list 111 deny udp host 192.168.100.1 any eq 161
!--- Permit all other SNMP UDP traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will be policed and dropped by the CoPP feature
access-list 111 permit udp any any eq 161
!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!--- traffic in accordance with existing security policies and
!--- configurations for traffic that is authorized to be sent
!--- to infrastructure devices
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
class-map match-all drop-snmpv3-class
match access-group 111
!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
policy-map drop-snmpv3-traffic
class drop-snmpv3-class
drop
!--- Apply the Policy-Map to the
!--- Control-Plane of the device
control-plane
service-policy input drop-snmpv3-traffic
In the above CoPP example, the access control list entries (ACEs)
that match the potential exploit packets with the "permit" action
result in these packets being discarded by the policy-map "drop"
function, while packets that match the "deny" action (not shown) are
not affected by the policy-map drop function.
Please note that the policy-map syntax is different in the 12.2S and
12.0S Cisco IOS trains:
policy-map drop-snmpv3-traffic
class drop-snmpv3-class
police 32000 1500 1500 conform-action drop exceed-action drop
Additional information on the configuration and use of the CoPP
feature is available at the following links:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html
and
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html
Transit Access Control Lists
+---------------------------
Filters that deny SNMP packets using UDP port 161 should be deployed
throughout the network as part of a Transit Access Control List
(tACL) policy for protection of traffic that enters the network at
ingress access points. This policy should be configured to protect
the network device where the filter is applied and other devices
behind it. Filters for SNMP packets that use UDP port 161 should also
be deployed in front of vulnerable network devices so that traffic is
only allowed from trusted clients.
Additional information about tACLs is available in "Transit Access
Control Lists: Filtering at Your Edge:"
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Hardening Guide Statement
+------------------------
Customers are advised to review the "Fortifying the Simple Network
Management Protocol" section of the "Cisco Guide to Harden Cisco IOS
Devices" for information on configuring an IOS device for SNMPv3
authentication and privacy:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#fortify
Cisco IOS authPriv Configuration
+-------------------------------
Enabling the SNMPv3 privacy subsystem (if it is not already in use)
is a short-term workaround for users who are unable to upgrade in a
timely fashion. This subsystem is used to encrypt SNMPv3 traffic
using a shared secret.
In Cisco IOS, administrators can enable this workaround by using the
authPriv SNMPv3 feature. Only Cisco IOS crypto images can run the
authPriv feature.
Note: Ensure that the management application supports SNMPv3
authPriv before implementing this feature.
Applied Mitigation Bulletin
+--------------------------
Additional mitigation techniques that can be deployed on Cisco devices
within the network are available in the Cisco Applied Intelligence
companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080610-SNMPv3.shtml
Obtaining Fixed Software
========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound by
the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
Cisco is releasing this combined Cisco IOS and non-IOS product
advisory out of our normal bi-yearly IOS security advisory cycle due
to public disclosure of these vulnerabilities.
Cisco is not aware of any malicious exploitation of these
vulnerabilities.
These vulnerabilities were reported to Cisco by Dr. Tom Dunigan of
the University of Tennessee and Net-SNMP in cooperation with the CERT
Coordination Center.
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-June-10 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
- ---------------------------------------------------------------------
Updated: Jun 10, 2008 Document ID: 107408
- ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFITruJ86n/Gc8U/uARAiuNAJwIq42/p8CUh7Dc88nAn9a1pfhhqgCfWXjv
8bYhCD0EKNQ28koObq4S+vQ=
=zOBL
-----END PGP SIGNATURE-----
. Summary
Updated ESX packages for libxml2, ucd-snmp, libtiff.
2. Relevant releases
ESX 3.0.3 without patch ESX303-200810503-SG
ESX 3.0.2 without patch ESX-1006968
ESX 2.5.5 before Upgrade Patch 10
ESX 2.5.4 before Upgrade Patch 21
NOTE: Extended support (Security and Bug fixes) for ESX 3.0.2 ended
on 2008-10-29. Extended support (Security and Bug fixes) for
ESX 2.5.4 ended on 2008-10-08.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users
should plan to upgrade to ESX 3.0.3 and preferably to the newest
release available.
3. Problem Description
a. Updated ESX Service Console package libxml2
A denial of service flaw was found in the way libxml2 processes
certain content. If an application that is linked against
libxml2 processes malformed XML content, the XML content might
cause the application to stop responding.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200810503-SG
ESX 3.0.2 ESX ESX-1006968
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. An attacker could use
this flaw to spoof an authenticated SNMPv3 packet.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Updated third party library libtiff
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker
could create a carefully crafted LZW-encoded TIFF file that would
cause an application linked with libtiff to crash or, possibly,
execute arbitrary code.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 10 or later
ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 21
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.
ESX
---
ESX 3.0.3 patch ESX303-200810503-SG
http://download3.vmware.com/software/vi/ESX303-200810503-SG.zip
md5sum: e687313e58377be41f6e6b767dfbf268
http://kb.vmware.com/kb/1006971
ESX 3.0.2 patch ESX-1006968
http://download3.vmware.com/software/vi/ESX-1006968.tgz
md5sum: fc9e30cff6f03a209e6a275254fa6719
http://kb.vmware.com/kb/1006968
VMware ESX 2.5.5 Upgrade Patch 10
http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz
md5sum: 2ee87cdd70b1ba84751e24c0bd8b4621
http://vmware.com/support/esx25/doc/esx-255-200810-patch.html
VMware ESX 2.5.4 Upgrade Patch 21
http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz
md5sum: d791be525c604c852a03dd7df0eabf35
http://vmware.com/support/esx25/doc/esx-254-200810-patch.html
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
- ------------------------------------------------------------------------
6. Change log
2008-10-31 VMSA-2008-0017
Initial security advisory after release of ESX 3.0.3, ESX 3.0.2, ESX
2.5.5 and ESX 2.5.4 patches on 2008-10-30.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
The authentication code reads the length to be checked from sender input,
this allows the sender to supply single byte HMAC code and have a 1 in 256
chance of matching the correct HMAC and authenticating, as only the first
byte will be checked. The sender would need to know a valid username.
Currently Net-SNMP and UCD-SNMP are known to be vulnerable, other SNMP
implementations may also be affected. The eCos project includes code derived
from UCD-SNMP and is therefore also affected.
Affected version:
Net-SNMP <= 5.4.1, <= 5.3.2, <= 5.2.4
UCD-SNMP, all versions
eCos, all versions
Fixed version:
Net-SNMP >= 5.4.1.1, >= 5.3.2.1, >= 5.2.4.1
UCD-SNMP, N/A
eCos, N/A
Credit: this issue was reported by CERT/CC, it is tracked as VU#878044.
CVE: CVE-2008-0960
Timeline:
2008-06-05: CERT/CC reports VU#878044 to oCERT requesting joint coordination
2008-06-05: contacted affected vendors
2008-06-06: added eCos to affected packages
2008-06-09: patched net-snmp packages released
2008-06-09: advisory release
References:
http://sourceforge.net/forum/forum.php?forum_id=833770
http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
http://www.kb.cert.org/vuls/id/878044
Links:
http://www.net-snmp.org
http://www.ece.ucdavis.edu/ucd-snmp
http://ecos.sourceware.org
Permalink:
http://www.ocert.org/advisories/ocert-2008-006.html
--
Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team
<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200808-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Multiple vulnerabilities
Date: August 06, 2008
Bugs: #222265, #225105
ID: 200808-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Net-SNMP allow for authentication bypass in
snmpd and execution of arbitrary code in Perl applications using
Net-SMNP.
Background
==========
Net-SNMP is a collection of tools for generating and retrieving SNMP
data.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/net-snmp < 5.4.1.1 >= 5.4.1.1
Description
===========
Wes Hardaker reported that the SNMPv3 HMAC verification relies on the
client to specify the HMAC length (CVE-2008-0960). John Kortink
reported a buffer overflow in the Perl bindings of Net-SNMP when
processing the OCTETSTRING in an attribute value pair (AVP) received by
an SNMP agent (CVE-2008-2292).
Impact
======
An attacker could send SNMPv3 packets to an instance of snmpd providing
a valid user name and an HMAC length value of 1, and easily conduct
brute-force attacks to bypass SNMP authentication. An attacker could
further entice a user to connect to a malicious SNMP agent with an SNMP
client using the Perl bindings, possibly resulting in the execution of
arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Net-SNMP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.1.1"
References
==========
[ 1 ] CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
[ 2 ] CVE-2008-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200808-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-2008-4309
It was reported that an integer overflow in the
netsnmp_create_subtree_cache function in agent/snmp_agent.c allows
remote attackers to cause a denial of service attack via a crafted
SNMP GETBULK request.
For the stable distribution (etch), these problems has been fixed in
version 5.2.3-7etch4.
For the testing distribution (lenny) and unstable distribution (sid)
these problems have been fixed in version 5.4.1~dfsg-11.
We recommend that you upgrade your net-snmp package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz
Size/MD5 checksum: 94030 2ccd6191c3212980956c30de392825ec
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc
Size/MD5 checksum: 1046 8018cc23033178515298d5583a74f9ff
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
Size/MD5 checksum: 4006389 ba4bc583413f90618228d0f196da8181
Architecture independent packages:
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb
Size/MD5 checksum: 1214368 d579d8f28f3d704b6c09b2b480425086
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb
Size/MD5 checksum: 855594 b5ccd827adbcefcca3557fa9ae28cc08
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 2169470 265835564ef2b0e2e86a08000461c53b
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 944098 5b903886ee4740842715797e3231602c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 1901802 5486eb1f2a5b076e5342b1dd9cbb12e2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 933202 e3210ba1641079e0c3aaf4a50e89aedd
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb
Size/MD5 checksum: 835584 b14db8c5e5b5e2d34799952975f903fb
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 932008 fc79672bf64eaabd41ed1c2f4a42c7da
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 1890766 ae3832515a97a79b31e0e7f0316356ee
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 835088 62867e9ba9dfca3c7e8ae575d5a478f5
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 918844 d2d1bc5f555bc9dba153e2a9a964ffbf
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb
Size/MD5 checksum: 1557924 5c2a33a015dd44708a9cc7602ca2525c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 909974 4c1cef835efc0b7ff3fea54a618eabee
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 835284 3ac835d926481c9e0f589b578455ddee
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 928252 b98e98b58c61be02e477185293427d5c
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 1778292 b903adf3d1fa6e7a26f7cafb7bffdd6b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb
Size/MD5 checksum: 1344158 78b6cf6b2974983e8e3670468da73cd1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 835940 9eeaf116e386dd7733ab2106c662dfa9
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 1809132 78bb5f1c12b004d32fa265e6bd99ffa1
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 1926116 71c7f3095ffe1bb22e84ade21f32b3a4
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 935434 85deac8531b02a0fdf3c9baa21d8e4bd
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb
Size/MD5 checksum: 935640 958cb158264f75772864cd5d5c0bf251
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 1423294 f05c7491a8100684c5085588738f05b5
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 833970 cb705c9fe9418cc9348ac935ea7b0ba2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 920070 3df41a0c99c41d1bccf6801011cf8ed5
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 925914 159b4244ef701edbe0fb8c9685b5b477
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb
Size/MD5 checksum: 1838900 3b7ac7b8fe0da1a3909ee56aba46d464
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 2205680 6868a56b1db04627e6921bf7237939a2
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 970440 783f0cccabfbcc63590730b3803d164d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 2281114 fd04b505755a3aed0fe4c9baaac84500
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 842690 9f9ca89c3d3ba7c46481e9cd39c242a6
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb
Size/MD5 checksum: 962854 c8a32f808d719357a5b6350e2b60794e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 895414 5dd919d188291cb3727d39b5e06c9e26
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 927342 28c245db4d8ea82ba4075b27d674d72a
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 833182 0e0b21e13d77de82bed7a38d30f65e4b
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 1769524 24bdc73a3d20c4046c7741957442c713
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb
Size/MD5 checksum: 1717562 977ae5c34a127d32d8f2bf222de9a431
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 1755032 cab5c112911465a9ce23a0d2ea44ded9
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 926616 2bf14a3fe74d9f2a523aacc8b04f5282
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 895194 b7c9ed37bf83ad92371f5472ac5d917b
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 833098 08b63ba6c3becf25ba2f941a532a7b71
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb
Size/MD5 checksum: 1720642 1ff7568eb478edee923edb76cf42e9ac
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 941434 bbac9384bd7f88339e2b86fa665208c1
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 835212 4790d79f8de7f1bee7aabf0473f25268
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 1657890 b91fcf52e80c7196cea0c13df9ac79ef
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 1803262 4d298c9509941390c7b2eb68320ad211
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb
Size/MD5 checksum: 928170 b17966a6a61313344ac827b58f32eeef
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 1409718 2a128cbdce2522ef49604255cff41af2
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 931452 d3bb7c3a849cd2b35fa6e4acb19c318d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 1834914 67e5b946df18b06b41b3e108d5ddc4e3
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 836102 7a4b85e8ea0e50d7213997b5f7d6309f
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb
Size/MD5 checksum: 903864 3f80e78e4e2672aacf3da0690ff24b79
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 925336 5824ea607689f3f1bd62a9e6e28f95ae
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 1548630 1378d1cf730d3026bc1f01a4ab2ccedb
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 918592 28a086f6aa2ee8d510b38c1a177843fc
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 834186 068cbf2b4774ecf9504b820db26e6f1d
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb
Size/MD5 checksum: 1782014 d39fae5fe0d1397a2a1bd7397d6e850a
These files will probably be moved into the stable distribution on
its next update.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: net-snmp
Announcement ID: SUSE-SA:2008:039
Date: Fri, 01 Aug 2008 13:00:00 +0000
Affected Products: openSUSE 10.2
openSUSE 10.3
openSUSE 11.0
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SLE SDK 10 SP2
SUSE Linux Enterprise Server 10 SP1
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise Server 10 SP2
Vulnerability Type: authentication bypass, denial-of-service
Severity (1-10): 6
SUSE Default Package: no
Cross-References: CVE-2008-0960
CVE-2008-2292
Content of This Advisory:
1) Security Vulnerability Resolved:
- authentication bypass
- denial-of-service
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- viewvc/subversion
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The net-snmp daemon implements the "simple network management protocol".
The version 3 of SNMP as implemented in net-snmp uses the length of the
HMAC in a packet to verify against a local HMAC for authentication.
An attacker can therefore send a SNMPv3 packet with a one byte HMAC and
guess the correct first byte of the local HMAC with 256 packets (max).
Additionally a buffer overflow in perl-snmp was fixed that can cause a
denial-of-service/crash.
2) Solution or Work-Around
Please install the update package.
3) Special Instructions and Notes
Please restart net-snmp after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/libsnmp15-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/net-snmp-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/net-snmp-devel-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/perl-SNMP-5.4.1-77.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/i586/snmp-mibs-5.4.1-77.2.i586.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/libsnmp15-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/net-snmp-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/net-snmp-devel-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/perl-SNMP-5.4.1-19.2.i586.rpm
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/snmp-mibs-5.4.1-19.2.i586.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/net-snmp-5.4.rc2-8.i586.rpm
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/net-snmp-devel-5.4.rc2-8.i586.rpm
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/perl-SNMP-5.4.rc2-8.i586.rpm
x86-64 Platform:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/x86_64/net-snmp-32bit-5.4.1-77.2.x86_64.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/net-snmp-32bit-5.4.1-19.2.x86_64.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/net-snmp-32bit-5.4.rc2-8.x86_64.rpm
Sources:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/net-snmp-5.4.1-77.2.src.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/net-snmp-5.4.1-19.2.src.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/net-snmp-5.4.rc2-8.src.rpm
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Open Enterprise Server
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
Novell Linux POS 9
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
Novell Linux Desktop 9
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Server 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Server 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SLE SDK 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SLE SDK 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Desktop 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE Linux Enterprise Desktop 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
SUSE SLES 9
http://download.novell.com/index.jsp?search=Search&keywords=71093bdfd49361f6dbe32a8fde43b848
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- viewvc/subversion
This update of subversion fixes multiple vulnerabilities.
- CVE-2008-1290: list CVS or SVN commits on "all-forbidden" files
- CVE-2008-1291: directly access hidden CVSROOT folders
- CVE-2008-1292: expose restricted content via the revision view,
the log history, or the diff view
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.
opensuse-security-announce@opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@opensuse.org>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ===========================================================
Ubuntu Security Notice USN-685-1 December 03, 2008
net-snmp vulnerabilities
CVE-2008-0960, CVE-2008-2292, CVE-2008-4309
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsnmp-perl 5.2.1.2-4ubuntu2.3
libsnmp9 5.2.1.2-4ubuntu2.3
Ubuntu 7.10:
libsnmp-perl 5.3.1-6ubuntu2.2
libsnmp10 5.3.1-6ubuntu2.2
Ubuntu 8.04 LTS:
libsnmp-perl 5.4.1~dfsg-4ubuntu4.2
libsnmp15 5.4.1~dfsg-4ubuntu4.2
Ubuntu 8.10:
libsnmp15 5.4.1~dfsg-7.1ubuntu6.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wes Hardaker discovered that the SNMP service did not correctly validate
HMAC authentication requests. An unauthenticated remote attacker
could send specially crafted SNMPv3 traffic with a valid username
and gain access to the user's views without a valid authentication
passphrase. (CVE-2008-0960)
John Kortink discovered that the Net-SNMP Perl module did not correctly
check the size of returned values. If a user or automated system were
tricked into querying a malicious SNMP server, the application using
the Perl module could be made to crash, leading to a denial of service.
This did not affect Ubuntu 8.10. (CVE-2008-2292)
It was discovered that the SNMP service did not correctly handle large
GETBULK requests. (CVE-2008-4309)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.diff.gz
Size/MD5: 75402 9655d984a47cec8e27efa4db0b227870
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.3.dsc
Size/MD5: 838 17a17230a005c1acfd0569757e728fad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
Size/MD5: 3869893 34159770a7fe418d99fdd416a75358b1
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 1152306 f7647cee4df8db87ab48c0d05635a973
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.3_all.deb
Size/MD5: 822946 b9b852c188937d1fffc06d4da01325d5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 896620 a78012b3f0f13667081f97dc1a4d62e8
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1497194 7d55b8d1e4ae0c45753bedcf536a1a5a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 1826252 0550c1401f9bbe5f345fd96484ed369c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 889330 5ad0ddb2c610973166e4dd07769ba3d3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_amd64.deb
Size/MD5: 797086 18cf4210342b683d3ee24fe995329b55
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 896880 298d27ea1ece6e80bb8931b9a5e61961
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1268472 acbca43ab7ea747fa3e4636d15ef997c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 1710342 bd27290685bcf1d6a23eb8705d3367e7
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 881838 58121bd9e4c845da7df4e540645e0e13
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_i386.deb
Size/MD5: 794672 221d1c554bd89f50dc3ac9108a6cef6b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 913064 45a033b01c4b31ef90a92988bb5fb229
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1590124 b62aa5477d9307d311c811298b7ec3d9
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 1728094 5214ce9aebe3a8d7a28a1746a81ce8ea
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 898580 86e6c1b5dfb5bf91f63d7c6786b7abae
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_powerpc.deb
Size/MD5: 796092 1bab28407224f782b2c3ae04b4647333
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 896832 3d233db9682d5654fdad6bc6b5a649ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1485268 064304ead0ca4653136376e8e9039e74
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 1706490 cb76027eb8167e0866a81b93a4da28ed
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 883182 d1ffc12427d92be51efdba3349e74f9a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.3_sparc.deb
Size/MD5: 796374 0f3f749ebe4af6111fe49316639004e4
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.diff.gz
Size/MD5: 94646 8b6f9380d9f8c5514a1d4db729c6df04
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1-6ubuntu2.2.dsc
Size/MD5: 1287 f53866efd3ae4f3c939a77b1005e1f11
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.3.1.orig.tar.gz
Size/MD5: 4210843 360a9783dbc853bab6bda90d961daee5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 484306 f2d03276d1cdcef7e8b276ad8ca9595d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.3.1-6ubuntu2.2_all.deb
Size/MD5: 901284 6889b371d4de92eb61bf83b89d8a8c37
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 2541692 1e6de4bd3c3baa444a2e1980a593a40e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 968940 7efe4bdcb99f311f1c4bb2c3b9d24a4e
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 1200930 821861c24499cfdfa2a82c329c610c16
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 996572 00cc1a4c8c7924124984e666563e73d0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_amd64.deb
Size/MD5: 908792 a40763280a3bdbe60eca5e07c5d6c30c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 2321524 59d44616802197e1227cf88abddefe36
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 967106 a6e5b308d889bdf6f5abe454e35ba474
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 1124462 ec99daa26d0fafba6e9f0b874a23bf3d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 991956 cb20b6a4d68a858ffa0846431169d411
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_i386.deb
Size/MD5: 907546 1ab5119e23a16e99203c113d49fc2723
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 2305548 da57690a3327196e0c3684735be23f2e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 968984 8da336a5fd871be10e6b8d66d3b9c9d3
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 1074500 e4d6690a6a6a543fc0244a29cd350c9b
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 989566 2d2f4b1662e6a2dffafe8e98f00a15e7
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_lpia.deb
Size/MD5: 907596 4274e006754ebc836132166e0f0429a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 2641202 9b2ec56463ee715752b780aa332d8cd0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 985722 a2fca8426b7b51e98c39b91a468bf71f
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1154496 6073239f7ffead2a5b9c3357ada1602c
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 1018596 af12cc55597a0d2d3a92b4b5d683bb14
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_powerpc.deb
Size/MD5: 911866 57e2246930e712bdc1b039840d43af48
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 2527568 19b1a0971259a9b99f9c0386f5935bfc
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 970264 d8ae7f0bb10375ad487b14ba031cd013
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp10_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 1078842 2401fc4c40352b8c8013e8c5de3b0ecd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 995228 16b230d3c718d8eb4a023126bd09d7f5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.3.1-6ubuntu2.2_sparc.deb
Size/MD5: 908708 1e410a8ddac41ad9faec901c5a638f29
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.diff.gz
Size/MD5: 78642 b4acf50e47be498e579b934f32081d25
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-4ubuntu4.2.dsc
Size/MD5: 1447 0abcea5df87851df2aae7ebd1fc00e7a
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 526864 f3a131bf5a4f5c547573430cb66d410c
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-4ubuntu4.2_all.deb
Size/MD5: 102072 2f276f50efdb7e34f7e61f132f7f7cd7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1796950 283c5a95206ab74062e0e30eba4e0890
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 142522 9fff294368a7eac39e37fa478ac6609d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 1296694 d0646a1543c51f14a93b40f972bc1569
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 163178 0378a25e3b2a0bc80ddb8ec720b5557d
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 75960 fcba461f2e2376cad515329791e04a17
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_amd64.deb
Size/MD5: 38512 21d9ecbc86a8e5965047d027e94fd324
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1556806 39e4f63b841c4b36c022017d66c12f58
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 179478 5f08596ae997792920e238ff8cd2a7ba
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 1098794 38bc61a5b403fb4f626a641a5f13e681
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 157954 66e38c37639f3c68e7e4a933fa953ff3
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 74116 50b3a4d0cfd38585d2711d30cf725e9d
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_i386.deb
Size/MD5: 75038 98cdeec4b1014568b00107a82fc74418
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1552018 d9dcab084f3b9bf3e8c36cb5db8f141e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 141508 96061180809cccc975e0d7079e07ed3e
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 1171530 2d91048fe0a2ac9e3a4fddb84c67513e
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 155564 c67ba3aeb2535ee3e7fc4c89e90ba36a
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 74274 db05202893f516398bbe4e2153ef2d6e
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_lpia.deb
Size/MD5: 35552 a75caf212ffb5a0eafe4ba2656c9aae1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1874428 0ed8b5f4e6bad74d506d73447de00bd2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 158374 dfcd7c4455b4bbd3f746368058d09a59
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 1238226 b5b3a81e956cdb14674d571694d1b6d0
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 185314 5e9d8bd56493f75ae8a8691c530aa420
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 83106 75dea32ec7152b7868fabf09d9d5a198
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_powerpc.deb
Size/MD5: 42928 214fe703fced2e387b48b51dcbb1d6b7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1760062 ade4c08289d947d092a5b2ab06517cc7
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 143860 62b7260d618531b0ed5e7871ab7b99a9
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 1159702 28ea81660bbdd9d7982be58d225e8814
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 160236 196e493ce73905446a3764e73b99f332
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 75518 f24e4b0e3e4a7d97c28da99cdc0a47a5
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-4ubuntu4.2_sparc.deb
Size/MD5: 38240 873f5e820e381ec2254ed520bcd09af0
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.diff.gz
Size/MD5: 82260 85fb58aa81933f142bd937bca2e18341
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1ubuntu6.1.dsc
Size/MD5: 1956 1ee06f6b731eae435af6a2d438ef909b
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.4.1~dfsg.orig.tar.gz
Size/MD5: 4618308 0ef987c41d3414f2048c94d187a2baeb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 527650 9c56f3d70018b714895a61c0daba9498
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.4.1~dfsg-7.1ubuntu6.1_all.deb
Size/MD5: 103060 108eb50387ca46b4ee38ebb8722ced88
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1815638 82385081fe2d4eeb1a6c94f9dae672ad
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 146154 1b6249e02e89213f2f4d2aa9c9123420
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 1315628 8443e091f2c63485a422236ad23e55cd
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 165522 154a05824b98e041ceac60ac83709ef4
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 77914 8d6e328f309e78bf1fcf21c2633d82ec
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_amd64.deb
Size/MD5: 39930 6b7a1a67ca63b5c843ce66f3547b3c89
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1569568 dd0599b150eccee9889325d17a7b0769
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 184264 52a54aebef81648164a5bc90f27b0cc5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 1119072 10c81fe283b25e7ad31fcfd88a2325f0
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 156112 6296f0836bc9797ff48810c79965c3a5
http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 74476 bd96a6915eb97fed083aac4daa5f07cf
http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_i386.deb
Size/MD5: 77652 3e30e51c362dfa982a3b3197be081328
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1557614 065f4575c7a2d257fa6b5b9d0cee454f
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 144292 b55f2c4aff8a86499d7f38fd6e773f44
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 1184272 84116fefdce279ce338ffc9614384c06
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 154444 ffe9e765a01695355bdb58008a2910f5
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 73746 762e75672fbd395d2d159513f5d572b0
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_lpia.deb
Size/MD5: 36530 0a98b51b94a5f75d4131d657aa766579
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1884632 a3ad023841ee605efa1e055712b44d9a
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 161074 5586adea8200d2d5bf81f288b5bf7be2
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 1249636 48ec688499fea1dc0ccb3091c0158fb8
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 181952 8ef5f6b9b6c6b8e4fcd5cb37147304a2
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 81802 965218126fb5a49cfcd9e20afeb49782
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_powerpc.deb
Size/MD5: 43048 09f2f9ed9f519ca5723411802e46d48b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1759316 46455cc355c1b808243eada0f134d00b
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 145164 2cdb5b35db853c7c184a44022fc23cd8
http://ports.ubuntu.com/pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 1159834 cfff424e5bff38bb3ef9419f03465388
http://ports.ubuntu.com/pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 163042 354f7a5423a34c411c5f8620c66d3e58
http://ports.ubuntu.com/pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 76994 ca11bcf9a411f618e35e1d6b6ab8c8f9
http://ports.ubuntu.com/pool/universe/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1ubuntu6.1_sparc.deb
Size/MD5: 38526 172493ec5df1866e2633e074c7f38775
. OpenSSL Binaries Updated
This fix updates the third party OpenSSL library. net-snmp Security update
This fix upgrades the service console rpm for net-snmp to version
net-snmp-5.0.9-2.30E.24. perl Security update
This fix upgrades the service console rpm for perl to version
perl-5.8.0-98.EL3.
ESX
---
ESX 3.0.3 build 104629
ESX Server 3.0.3 CD image
md5sum: c2cda9242c6981c7eba1004e8fc5626d
Upgrade package from ESX Server 2.x to ESX Server 3.0.3
md5sum: 0ad8fa4707915139d8b2343afebeb92b
Upgrade package from earlier releases of ESX Server 3 to ESX Server
3.0.3
md5sum: ff7f3dc12d34b474b231212bdf314113
release notes:
http://www.vmware.com/support/vi3/doc/releasenotes_esx303.html
5.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
8db66ef5a5468d3fd72a47855230a28e 2007.1/i586/libnet-snmp10-5.3.1-3.2mdv2007.1.i586.rpm
c951b17138ef11828b2ccf031d4cddaf 2007.1/i586/libnet-snmp10-devel-5.3.1-3.2mdv2007.1.i586.rpm
536a87919f32fac81964d0a907bf08fe 2007.1/i586/libnet-snmp10-static-devel-5.3.1-3.2mdv2007.1.i586.rpm
39e33947c21666dac5dbe5cfe103b26d 2007.1/i586/net-snmp-5.3.1-3.2mdv2007.1.i586.rpm
1eed5ebaff8f6f83befbf8d831900073 2007.1/i586/net-snmp-mibs-5.3.1-3.2mdv2007.1.i586.rpm
874db03c69584025e4d91049072d3c4e 2007.1/i586/net-snmp-trapd-5.3.1-3.2mdv2007.1.i586.rpm
11af93c879d8cd9353b7cb1826900222 2007.1/i586/net-snmp-utils-5.3.1-3.2mdv2007.1.i586.rpm
2c9e819eeb5fd472f6a0fe338d86182b 2007.1/i586/perl-NetSNMP-5.3.1-3.2mdv2007.1.i586.rpm
7a0806202ff8f3d838fa7958b636a449 2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
aa27de502ce22110fd745c0b847b79d9 2007.1/x86_64/lib64net-snmp10-5.3.1-3.2mdv2007.1.x86_64.rpm
1843dd154c443cca9ae977e502221d6d 2007.1/x86_64/lib64net-snmp10-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
838bd7820d446bd947bc46e090b38066 2007.1/x86_64/lib64net-snmp10-static-devel-5.3.1-3.2mdv2007.1.x86_64.rpm
e659d3df04816330c7bf45008f66bc27 2007.1/x86_64/net-snmp-5.3.1-3.2mdv2007.1.x86_64.rpm
756d5606a1039d20a7512b0a109d53bb 2007.1/x86_64/net-snmp-mibs-5.3.1-3.2mdv2007.1.x86_64.rpm
8ad36943e07362865f3a48c99914e48c 2007.1/x86_64/net-snmp-trapd-5.3.1-3.2mdv2007.1.x86_64.rpm
483140c06017507127d12357c3ed2b41 2007.1/x86_64/net-snmp-utils-5.3.1-3.2mdv2007.1.x86_64.rpm
e2bb901815ffa1ca5b0a16bc1363f84f 2007.1/x86_64/perl-NetSNMP-5.3.1-3.2mdv2007.1.x86_64.rpm
7a0806202ff8f3d838fa7958b636a449 2007.1/SRPMS/net-snmp-5.3.1-3.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
8de3c4975620db2b2c2697d6f9deb79b 2008.0/i586/libnet-snmp15-5.4.1-1.1mdv2008.0.i586.rpm
b1991c58d996f4be200fe141e28c5f7d 2008.0/i586/libnet-snmp-devel-5.4.1-1.1mdv2008.0.i586.rpm
03c54182cc7f97633f29ff0251a8c898 2008.0/i586/libnet-snmp-static-devel-5.4.1-1.1mdv2008.0.i586.rpm
1f792de19b7b38b56d68242958d5d800 2008.0/i586/net-snmp-5.4.1-1.1mdv2008.0.i586.rpm
e3362a641e232a6ecf0b8230f0e49ec8 2008.0/i586/net-snmp-mibs-5.4.1-1.1mdv2008.0.i586.rpm
bc6d8c10135ea64a4d512d80d04b1b39 2008.0/i586/net-snmp-trapd-5.4.1-1.1mdv2008.0.i586.rpm
8e7f28ee85fb48129eea57d11d391c8b 2008.0/i586/net-snmp-utils-5.4.1-1.1mdv2008.0.i586.rpm
beab129e378f61a6bf62d366a4d90639 2008.0/i586/perl-NetSNMP-5.4.1-1.1mdv2008.0.i586.rpm
3fce488df784163f19e6a55061d773ca 2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
82b570c9cb7e0662df4d7da730c131db 2008.0/x86_64/lib64net-snmp15-5.4.1-1.1mdv2008.0.x86_64.rpm
20b8a6e3fc8dd82fe5ecfdb337553938 2008.0/x86_64/lib64net-snmp-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
555688caa0eee850b3a5f835a5778849 2008.0/x86_64/lib64net-snmp-static-devel-5.4.1-1.1mdv2008.0.x86_64.rpm
60d65f80aec29dcb6d4ceb4bb117a9bc 2008.0/x86_64/net-snmp-5.4.1-1.1mdv2008.0.x86_64.rpm
685c9dd25b585afc128de1b3c092e5d5 2008.0/x86_64/net-snmp-mibs-5.4.1-1.1mdv2008.0.x86_64.rpm
7bff860904572c092f737ac17940d5b2 2008.0/x86_64/net-snmp-trapd-5.4.1-1.1mdv2008.0.x86_64.rpm
e434686bddfb04f2a8bd01346517ecb4 2008.0/x86_64/net-snmp-utils-5.4.1-1.1mdv2008.0.x86_64.rpm
4fab6e498e1f05809db500ce895aad66 2008.0/x86_64/perl-NetSNMP-5.4.1-1.1mdv2008.0.x86_64.rpm
3fce488df784163f19e6a55061d773ca 2008.0/SRPMS/net-snmp-5.4.1-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
4bafceae1a29f6557b5aa884eca24ba0 2008.1/i586/libnet-snmp15-5.4.1-5.1mdv2008.1.i586.rpm
1eedbae5df7e503de1cba736129beaa1 2008.1/i586/libnet-snmp-devel-5.4.1-5.1mdv2008.1.i586.rpm
615a88847cbf1ce6eaf0029037a14b1b 2008.1/i586/libnet-snmp-static-devel-5.4.1-5.1mdv2008.1.i586.rpm
7323cb7d35eb67664d40ad73b413679d 2008.1/i586/net-snmp-5.4.1-5.1mdv2008.1.i586.rpm
d43ed96a806639a94af2a137c75e276e 2008.1/i586/net-snmp-mibs-5.4.1-5.1mdv2008.1.i586.rpm
7394b1361b43056b5eb99827771358cf 2008.1/i586/net-snmp-tkmib-5.4.1-5.1mdv2008.1.i586.rpm
8d6fd9308c2edbe8c020d2c33b3a841d 2008.1/i586/net-snmp-trapd-5.4.1-5.1mdv2008.1.i586.rpm
dc58047a02e1a222af20aa794ea8f447 2008.1/i586/net-snmp-utils-5.4.1-5.1mdv2008.1.i586.rpm
2ad9888cd61fc4952c1cee0c48f714b5 2008.1/i586/perl-NetSNMP-5.4.1-5.1mdv2008.1.i586.rpm
7a19c1f8d42052af6392b18b48bd965c 2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
618c241e0ecb57685646264c9bb083b4 2008.1/x86_64/lib64net-snmp15-5.4.1-5.1mdv2008.1.x86_64.rpm
bb0ebf49ee7cca29965aeb398f4725f6 2008.1/x86_64/lib64net-snmp-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
b4f29f00773291f6cc00784ed7cde470 2008.1/x86_64/lib64net-snmp-static-devel-5.4.1-5.1mdv2008.1.x86_64.rpm
3039811b6682dc4009b32ff48a99eb2b 2008.1/x86_64/net-snmp-5.4.1-5.1mdv2008.1.x86_64.rpm
fab09178635501eb5d6a82eb7bd532a3 2008.1/x86_64/net-snmp-mibs-5.4.1-5.1mdv2008.1.x86_64.rpm
da29d4c7edaa15d95f8bee98dbfab025 2008.1/x86_64/net-snmp-tkmib-5.4.1-5.1mdv2008.1.x86_64.rpm
d9aad834d82d310c64f6f21e17a55920 2008.1/x86_64/net-snmp-trapd-5.4.1-5.1mdv2008.1.x86_64.rpm
7a7c871bd87dc91c16b046ac115cda70 2008.1/x86_64/net-snmp-utils-5.4.1-5.1mdv2008.1.x86_64.rpm
d102ea2af0fcaaebd98defda72bcfc91 2008.1/x86_64/perl-NetSNMP-5.4.1-5.1mdv2008.1.x86_64.rpm
7a19c1f8d42052af6392b18b48bd965c 2008.1/SRPMS/net-snmp-5.4.1-5.1mdv2008.1.src.rpm
Corporate 3.0:
335af3930865c8eb44ef436cad5fb373 corporate/3.0/i586/libnet-snmp5-5.1-7.4.C30mdk.i586.rpm
b8e1d307ee6fa3905d292077fc063318 corporate/3.0/i586/libnet-snmp5-devel-5.1-7.4.C30mdk.i586.rpm
a668cc4de411865567d1a93f34cee1e3 corporate/3.0/i586/libnet-snmp5-static-devel-5.1-7.4.C30mdk.i586.rpm
d8c0d342b03e5719443d2de06c631bd5 corporate/3.0/i586/libsnmp0-4.2.3-8.2.C30mdk.i586.rpm
6bbe3bb2502ce3c974f7b5737331bb4d corporate/3.0/i586/libsnmp0-devel-4.2.3-8.2.C30mdk.i586.rpm
daca10f2e578f75c1e7415d78ed30265 corporate/3.0/i586/net-snmp-5.1-7.4.C30mdk.i586.rpm
1630ebd75201e1bc3956b12a26282f92 corporate/3.0/i586/net-snmp-mibs-5.1-7.4.C30mdk.i586.rpm
5a4f483c877a6278088a265cb3273d61 corporate/3.0/i586/net-snmp-trapd-5.1-7.4.C30mdk.i586.rpm
316d866de7fa7cd984d58f5cb742f5e3 corporate/3.0/i586/net-snmp-utils-5.1-7.4.C30mdk.i586.rpm
e3d4197517565f12e2c3a8fd1cc5d2e7 corporate/3.0/i586/ucd-snmp-4.2.3-8.2.C30mdk.i586.rpm
17e8d856fd1dac18552818a842105c88 corporate/3.0/i586/ucd-snmp-utils-4.2.3-8.2.C30mdk.i586.rpm
ccaa4d311ad0e5d119e17b1f1876c7e2 corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
53e16d2069cffb7e7d1e7a324192d5c2 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
b31f277942fca76d953007c94a60cae2 corporate/3.0/x86_64/lib64net-snmp5-5.1-7.4.C30mdk.x86_64.rpm
e4a3fba10ccdd805dc8783ae68c99a42 corporate/3.0/x86_64/lib64net-snmp5-devel-5.1-7.4.C30mdk.x86_64.rpm
530a94cc87af0e4d6e9f3815473c0dd4 corporate/3.0/x86_64/lib64net-snmp5-static-devel-5.1-7.4.C30mdk.x86_64.rpm
f246ca421b5d16c599d53f70e4b97660 corporate/3.0/x86_64/lib64snmp0-4.2.3-8.2.C30mdk.x86_64.rpm
b943e07726a2fecb016ef4ba626906d8 corporate/3.0/x86_64/lib64snmp0-devel-4.2.3-8.2.C30mdk.x86_64.rpm
22822876f72e35cf6d1ed027df93e74a corporate/3.0/x86_64/net-snmp-5.1-7.4.C30mdk.x86_64.rpm
e7e51782b9bbd1e1bdf93c17fb953280 corporate/3.0/x86_64/net-snmp-mibs-5.1-7.4.C30mdk.x86_64.rpm
e67a9105f9492c020693d48ce55652ea corporate/3.0/x86_64/net-snmp-trapd-5.1-7.4.C30mdk.x86_64.rpm
171a17e507b2dfdb9c70c0089e582221 corporate/3.0/x86_64/net-snmp-utils-5.1-7.4.C30mdk.x86_64.rpm
96886146d21175b076e92d59e96f5016 corporate/3.0/x86_64/ucd-snmp-4.2.3-8.2.C30mdk.x86_64.rpm
1b6ee4c253f15be516a1928a4f791f15 corporate/3.0/x86_64/ucd-snmp-utils-4.2.3-8.2.C30mdk.x86_64.rpm
ccaa4d311ad0e5d119e17b1f1876c7e2 corporate/3.0/SRPMS/net-snmp-5.1-7.4.C30mdk.src.rpm
53e16d2069cffb7e7d1e7a324192d5c2 corporate/3.0/SRPMS/ucd-snmp-4.2.3-8.2.C30mdk.src.rpm
Corporate 4.0:
6cbe9d76db3b05c2435bcbc5cf16c898 corporate/4.0/i586/libnet-snmp5-5.2.1.2-5.2.20060mlcs4.i586.rpm
586a55cfde45020d5ea0ebf5f2d6c840 corporate/4.0/i586/libnet-snmp5-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
d992d8300cf0639942a179349d592e15 corporate/4.0/i586/libnet-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.i586.rpm
03a49b848c376b705dcfcef0ec817daf corporate/4.0/i586/net-snmp-5.2.1.2-5.2.20060mlcs4.i586.rpm
22b9d01b3b7a8a34ed3e1a5a435286a8 corporate/4.0/i586/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.i586.rpm
dccc01a94c1f29eac2875e6a935bf589 corporate/4.0/i586/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.i586.rpm
77f93230f96abce039b52ca5612eaa36 corporate/4.0/i586/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.i586.rpm
8a7209b70979c9d73035ff40cbd8dbb4 corporate/4.0/i586/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.i586.rpm
ac919459a8752cddfd441c085ca69117 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
f94c7e967973ba8aa12b5605251d6e78 corporate/4.0/x86_64/lib64net-snmp5-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
f332985986eff2d6c8a75b5c263dedb1 corporate/4.0/x86_64/lib64net-snmp5-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
82fc454916e75866370ee738292021c8 corporate/4.0/x86_64/lib64net-snmp5-static-devel-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
ff0adeb23df57eb34869c7100df159da corporate/4.0/x86_64/net-snmp-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
72f2dc9cb1695999660a9ff9c97e4c47 corporate/4.0/x86_64/net-snmp-mibs-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
0f244551c87e051a8274e5050cf0bc2a corporate/4.0/x86_64/net-snmp-trapd-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
7c4e7fb304c77c6551a50495d338e84e corporate/4.0/x86_64/net-snmp-utils-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
68d81ca4c173710ef43b36092df2a6ee corporate/4.0/x86_64/perl-NetSNMP-5.2.1.2-5.2.20060mlcs4.x86_64.rpm
ac919459a8752cddfd441c085ca69117 corporate/4.0/SRPMS/net-snmp-5.2.1.2-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
f98286a301d580fe306917cf0169ef88 mnf/2.0/i586/libnet-snmp5-5.1-7.4.M20mdk.i586.rpm
3ba27516773b1dd933828207cecc7754 mnf/2.0/SRPMS/net-snmp-5.1-7.4.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security